In the Spark master branch, the version of the Jackson jars has been upgraded to 2.9.9: https://github.com/apache/spark/commit/bd8732300385ad99d2cec3a4af49953d8925eaf6
[SPARK-27757][CORE] Bump Jackson to 2.9.9 - This has been done to address CVE-2019-12086. Could you confirm why Jackson jars are not upgraded in older branches like 2.3 etc?

Thanks,
Pavithra R
Huawei Technologies India Pvt. Ltd.