You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The shaded JAR of linkedin's calcite-core contains several Jackson libraries at versions 2.13.2, which is relatively new (but still has some CVE's atached to it), and jackson-databind 2.9.10.8, which is pretty old at this point. Since this is a shaded JAR, we who depend on this library can't force a newer version of Jackson without re-forking the library and rebuilding the JAR, so hereby I'm asking to bump the version of Jackson. Thanks!
The text was updated successfully, but these errors were encountered:
The shaded JAR of linkedin's
calcite-core
contains several Jackson libraries at versions 2.13.2, which is relatively new (but still has some CVE's atached to it), andjackson-databind
2.9.10.8, which is pretty old at this point. Since this is a shaded JAR, we who depend on this library can't force a newer version of Jackson without re-forking the library and rebuilding the JAR, so hereby I'm asking to bump the version of Jackson. Thanks!The text was updated successfully, but these errors were encountered: