
Databricks-jdbc and vulnerabilities CVE-2022-42004, CVE-2022-42003

Lars_J
New Contributor

The latest version of Databricks-jdbc available through Maven (2.6.29) now has these two vulnerabilities:

All due to depending on and including in the jar the library jackson-databind 2.13.2.2.

Is there a possibility to have a new updated version of Databricks-jdbc that uses jackson 2.14.0-rc1? (currently the only jackson-databind version that passes the two vulnerability checks above)

We are currently using the databricks-jdbc driver in an environment where we can only get an exception for this that lasts a short time.

Also - If databricks-jdbc was available in thin form on Maven, we would be able to fix it ourselves. Is that possible to do?

Thanks! - Lars
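
An added example, not part of the original post and not Databricks code: a Python check that reports which jackson-databind version a fat jar bundles, the situation the post describes. It assumes the jar keeps Maven's `META-INF/maven/.../pom.properties` metadata (a shaded build may strip it, hence the class-name fallback); the sample jar and its `com/example/shaded` relocation prefix are constructed.

```python
import io
import zipfile

REPORTED_VERSION = "2.13.2.2"  # version the post says is bundled
TARGET = ("com.fasterxml.jackson.core", "jackson-databind")
META = "META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.properties"


def parse_pom_properties(text):
    """Parse the key=value lines Maven writes into pom.properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def bundled_artifacts(jar):
    """Map (groupId, artifactId) -> version for each artifact whose Maven
    metadata is embedded in the jar. `jar` is a path or file-like object."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = parse_pom_properties(zf.read(name).decode("utf-8", "replace"))
                if {"groupId", "artifactId", "version"} <= props.keys():
                    found[(props["groupId"], props["artifactId"])] = props["version"]
    return found


def databind_classes_present(jar):
    """Fallback when metadata was stripped: find databind classes, including
    ones moved under a relocated (shaded) package prefix."""
    with zipfile.ZipFile(jar) as zf:
        return any("jackson/databind/ObjectMapper.class" in n for n in zf.namelist())


def make_sample_jar():
    """Constructed in-memory fat jar for the demo; not the real driver."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(META, "#Created by Apache Maven\nversion=2.13.2.2\n"
                          "groupId=com.fasterxml.jackson.core\nartifactId=jackson-databind\n")
        zf.writestr("com/example/shaded/com/fasterxml/jackson/databind/ObjectMapper.class", b"")
    return buf


if __name__ == "__main__":
    version = bundled_artifacts(make_sample_jar()).get(TARGET)
    print("bundled jackson-databind:", version, "| as reported:", version == REPORTED_VERSION)
```

Pass the path of a real driver jar to `bundled_artifacts` in place of the constructed sample to inventory what it actually ships.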

2 REPLIES

Hubert-Dudek
Esteemed Contributor III

I think you need to contact support or your sales representative from Databricks.

Anonymous
Not applicable

Hi @Lars Joreteg

Does @Hubert Dudek's response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?

We'd love to hear from you.

Thanks!
