[ https://issues.apache.org/jira/browse/FLINK-29638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Nuyanzin updated FLINK-29638: ------------------------------------ Description: There is a CVE-2022-42003 fixed in 2.13.4.1 and 2.14.0-rc1 https://nvd.nist.gov/vuln/detail/CVE-2022-42003 P.S. It seems there will not be 2.14.0 release until end of October according to https://github.com/FasterXML/jackson-databind/issues/3590#issuecomment-1270363915 was: There is a CVE-2022-42003 fixed in 2.13.4.1 and 2.14.0-rc1 P.S. It seems there will not be 2.14.0 release until end of October according to https://github.com/FasterXML/jackson-databind/issues/3590#issuecomment-1270363915 > Update jackson bom because of CVE-2022-42003 > -------------------------------------------- > > Key: FLINK-29638 > URL: https://issues.apache.org/jira/browse/FLINK-29638 > Project: Flink > Issue Type: Technical Debt > Reporter: Sergey Nuyanzin > Priority: Major > > There is a CVE-2022-42003 fixed in 2.13.4.1 and 2.14.0-rc1 > https://nvd.nist.gov/vuln/detail/CVE-2022-42003 > P.S. It seems there will not be 2.14.0 release until end of October according > to > https://github.com/FasterXML/jackson-databind/issues/3590#issuecomment-1270363915 -- This message was sent by Atlassian Jira (v8.20.10#820010)