Databricks-jdbc and vulnerabilities CVE-2022-42004, CVE-2022-42003
10-07-2022 02:04 PM
The latest version of Databricks-jdbc available through Maven (2.6.29) now has these two vulnerabilities:
All due to depending on and including in the jar the library jackson-databind 2.13.2.2.
Is there a possibility to have a new updated version of Databricks-jdbc that uses jackson 2.14.0-rc1? (currently the only jackson-databind version that passes the two vulnerability checks above)
We are currently using the databricks-jdbc driver in an environment where we can only get an exception for this that lasts a short time.
Also - If databricks-jdbc was available in thin form on Maven, we would be able to fix it ourselves. Is that possible to do?
Thanks! - Lars
10-16-2022 03:26 AM
I think you need to contact support or your sales representative from Databricks.
My blog: https://databrickster.medium.com/
11-16-2022 09:06 PM
Hi @Lars Joreteg
Does @Hubert Dudek's response answer your question? If yes, would you be happy to mark it as best so that other members can find the solution more quickly?
We'd love to hear from you.
Thanks!