
Databricks-jdbc and vulnerabilities CVE-2022-42004, CVE-2022-42003

Lars_J
New Contributor

The latest version of Databricks-jdbc available through Maven (2.6.29) now has these two vulnerabilities:

All due to depending on and including in the jar the library jackson-databind 2.13.2.2.

Is there a possibility to have a new updated version of Databricks-jdbc that uses jackson 2.14.0-rc1? (currently the only jackson-databind version that passes the two vulnerability checks above)

We are currently using the databricks-jdbc driver in an environment where we can only get an exception for this that lasts a short time.

Also - If databricks-jdbc was available in thin form on Maven, we would be able to fix it ourselves. Is that possible to do?

Thanks! - Lars
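A way to confirm which dependency versions a fat jar bundles, as an added example that is not part of the original post or of Databricks' code. It assumes the jar still carries the `META-INF/maven/<groupId>/<artifactId>/pom.properties` entries that Maven-built artifacts normally include (shaded jars sometimes strip them); the helper names and the in-memory sample jar are constructed for illustration.

```python
import io
import re
import zipfile

# Threshold from the post above: the version reported as passing both CVE checks.
FIXED = "2.14.0-rc1"
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")

def numeric_version(version):
    """Leading dotted-numeric part as a tuple; qualifiers like -rc1 are ignored."""
    core = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in core.group(0).split(".")) if core else ()

def bundled_artifacts(jar_file):
    """Map 'groupId:artifactId' -> version for every pom.properties in the jar."""
    found = {}
    with zipfile.ZipFile(jar_file) as jar:
        for name in jar.namelist():
            m = POM_PROPS.match(name)
            if not m:
                continue
            props = dict(
                line.split("=", 1)
                for line in jar.read(name).decode("utf-8", "replace").splitlines()
                if "=" in line and not line.startswith("#")
            )
            found[f"{m.group(1)}:{m.group(2)}"] = props.get("version", "").strip()
    return found

def flag_old_databind(jar_file, fixed=FIXED):
    """Return the bundled jackson-databind version if older than `fixed`, else None."""
    key = "com.fasterxml.jackson.core:jackson-databind"
    version = bundled_artifacts(jar_file).get(key)
    if version and numeric_version(version) < numeric_version(fixed):
        return version
    return None

def constructed_fat_jar(databind_version):
    """Constructed sample: an in-memory jar holding only the Maven metadata entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(
            "META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.properties",
            f"#Generated by Maven\nversion={databind_version}\n"
            "groupId=com.fasterxml.jackson.core\nartifactId=jackson-databind\n",
        )
    buf.seek(0)
    return buf
```

`flag_old_databind` also accepts a path to a jar on disk, so the same check can run in a build pipeline against the driver jar that was actually downloaded.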

2 REPLIES

Hubert-Dudek
Esteemed Contributor III

I think you need to contact support or your sales representative from Databricks.

Anonymous
Not applicable

Hi @Lars Joreteg

Does @Hubert Dudek's response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?

We'd love to hear from you.

Thanks!
