Bo Cui created FLINK-22602:
------------------------------
Summary: Upgrade parquet to 1.12.0 due to CVEs
Key: FLINK-22602
URL: https://issues.apache.org/jira/browse/FLINK-22602
Project: Flink
Issue Type: Bug
Components: Formats (JSON, Avro, Parquet, ORC, SequenceFile)
Affects Versions: 1.12.3, 1.13.0, 1.13.1
Reporter: Bo Cui
We scanned jackson-databind&core for some vulnerabilities
(CVE-2020-24616/CVE-2021-20190/CVE-2020-36184/CVE-2020-36183/CVE-2020-9546...).
Apache Parquet depends on them, so we upgraded parquet to version 1.12.0.
parquet code
link:https://github.com/apache/parquet-mr/blob/db75a6815f2ba1d1ee89d1a90aeb296f1f3a8f20/pom.xml#L78
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
