Hi all, jackson-mapper-asl-1.9.13 has CVE-2019-10172 vulnerability and still uses at the latest Hadoop releases. I found that there was create https://issues.apache.org/jira/browse/HADOOP-17225 and added patch but it still not merged. Could someone tell me - does community have some plan to resolve this vulnerability or not?
Regards, Sergey
