https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28354#M20174 <P>Hi @Lars Joreteg​&nbsp;</P><P></P><P>Does @Hubert Dudek​&nbsp; response answer your question? If yes, would you be happy to <B>mark it as best </B>so that other members can find the solution more quickly?</P><P></P><P>We'd love to hear from you.</P><P></P><P>Thanks!</P><P></P><P></P> Thu, 17 Nov 2022 05:06:46 GMT Anonymous 2022-11-17T05:06:46Z https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28352#M20172 <P>The latest version of Databricks-jdbc available through Maven (2.6.29) now has these two vulnerabilities:</P><UL><LI><A href="https://nvd.nist.gov/vuln/detail/CVE-2022-42004" alt="https://nvd.nist.gov/vuln/detail/CVE-2022-42004" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2022-42004</A></LI><LI><A href="https://nvd.nist.gov/vuln/detail/CVE-2022-42003" alt="https://nvd.nist.gov/vuln/detail/CVE-2022-42003" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2022-42003</A></LI></UL><P>All due to depending on and including in the jar the library j<B>ackson-databind 2.13.2.2</B>.</P><P></P><P>Is there a possibility to have a new updated version of <B>Databricks-jdbc</B> that uses <B>jackson 2.14.0-rc1</B>? (the currently only jackson-databind version that passes the two vulnerability checks above)</P><P></P><P>We are currently using the databricks-jdbc driver in an environment where we can only get an exception for this that lasts a short time.</P><P></P><P>Also - If databricks-jdbc was available in thin form on Maven, we would be able to fix it ourselves. Is that possible to do?</P><P></P><P>Thanks! - Lars</P> Fri, 07 Oct 2022 21:04:38 GMT https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28352#M20172 Lars_J 2022-10-07T21:04:38Z https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28353#M20173 <P>I think you need to contact support or your sales representative from Databricks.</P> Sun, 16 Oct 2022 10:26:17 GMT https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28353#M20173 Hubert-Dudek 2022-10-16T10:26:17Z https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28354#M20174 <P>Hi @Lars Joreteg​&nbsp;</P><P></P><P>Does @Hubert Dudek​&nbsp; response answer your question? If yes, would you be happy to <B>mark it as best </B>so that other members can find the solution more quickly?</P><P></P><P>We'd love to hear from you.</P><P></P><P>Thanks!</P><P></P><P></P> Thu, 17 Nov 2022 05:06:46 GMT https://community.databricks.com/t5/data-engineering/databricks-jdbc-and-vulnerabilities-cve-2022-42004-cve-2022/m-p/28354#M20174 Anonymous 2022-11-17T05:06:46Z