Jackson has a serious security problem in 2.9.7, which will cause RCE #327

wcc526 · 2020-05-20T10:23:20Z

tmgstevens · 2020-05-20T13:40:04Z

I've just tried building this and get the following:
[ERROR] Failed to execute goal on project flume-hdfs-sink: Could not resolve dependencies for project org.apache.flume.flume-ng-sinks:flume-hdfs-sink:jar:1.10.0-SNAPSHOT: The following artifacts could not be resolved: com.fasterxml.jackson.core:jackson-annotations:jar:2.9.10.3, com.fasterxml.jackson.core:jackson-core:jar:2.9.10.3: Could not find artifact com.fasterxml.jackson.core:jackson-annotations:jar:2.9.10.3 in central (https://repo.maven.apache.org/maven2)

wcc526 · 2020-05-21T01:08:50Z

sorry ,the new version is 2.9.10,I have modified it

bessbd

LGTM, +1. I'll leave some time for @tmgstevens to review and merge if he wants to.

bessbd · 2020-05-21T20:36:47Z

@wcc526, thank you for the patch!
@tmgstevens, thank you for the merge!

Jackson has a serious security problem in 2.9.7, which will cause RCE

30a9baa

FasterXML/jackson-databind#2295

Update pom.xml

b74bd19

bessbd approved these changes May 21, 2020

View reviewed changes

tmgstevens merged commit 59ffd4f into apache:trunk May 21, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Jackson has a serious security problem in 2.9.7, which will cause RCE #327

Jackson has a serious security problem in 2.9.7, which will cause RCE #327

wcc526 commented May 20, 2020

tmgstevens commented May 20, 2020

wcc526 commented May 21, 2020

bessbd left a comment

bessbd commented May 21, 2020

Jackson has a serious security problem in 2.9.7, which will cause RCE #327

Jackson has a serious security problem in 2.9.7, which will cause RCE #327

Conversation

wcc526 commented May 20, 2020

tmgstevens commented May 20, 2020

wcc526 commented May 21, 2020

bessbd left a comment

Choose a reason for hiding this comment

bessbd commented May 21, 2020