deepakpanda93 opened a new pull request, #13828: URL: https://github.com/apache/hudi/pull/13828
### Change Logs Upgrading jackson-databind to 2.15.2 to matchup with Hadoop jackson-databind ### Impact Fixing critical CVEs related to jackson-databind ### Risk level (write none, low medium or high below) low ### Documentation Update Upgrading jackson-databind to 2.15.2 to matchup with Hadoop jackson-databind Hudi is using jackson-databind version as 2.10.0, but jackson-databind version used in hadoop is 2.15.2. And it is overriding the hudi jackson-databind version. Also, version 2.10.0 pull couple of CRITICAL CVEs. To address these problems we can upgrade jackson-databind version to 2.15.2. ### Contributor's checklist - [ ] Read through [contributor's guide](https://hudi.apache.org/contribute/how-to-contribute) - [ ] Change Logs and Impact were stated clearly - [ ] Adequate tests were added if applicable - [ ] CI passed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
