Re: High/Critical CVEs in jackson-mapper-asl (spark 3.5.5)

Seems like the Jackson version hasn't changed since Spark 1.4 (pom.xml ). Even Spark 4 is still using this super old (2013) version. Maybe it's time ... El mar, 18 mar 2025 a las 16:05, Mohammad, Ejas Ali () escribió: > Hi Spark Community,

High/Critical CVEs in jackson-mapper-asl (spark 3.5.5)

Hi Spark Community, I hope you are doing well. We have identified high and critical CVEs related to the jackson-mapper-asl package used in Apache Spark 3.5.5. We would like to understand if there are any official fixes or recommended mitigation steps available for these vulnerabilities. | CVE