Posted to issues@spark.apache.org by "Sumeet (Jira)" <ji...@apache.org> on 2021/05/17 22:34:01 UTC

[jira] [Updated] (SPARK-35429) Remove commons-httpclient due to EOL and CVEs

     [ https://issues.apache.org/jira/browse/SPARK-35429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sumeet updated SPARK-35429:
---------------------------
    Affects Version/s: 3.2.0

> Remove commons-httpclient due to EOL and CVEs
> ---------------------------------------------
>
>                 Key: SPARK-35429
>                 URL: https://issues.apache.org/jira/browse/SPARK-35429
>             Project: Spark
>          Issue Type: Task
>          Components: Spark Core, SQL
>    Affects Versions: 3.0.0, 3.1.1, 3.2.0
>            Reporter: Sumeet
>            Priority: Major
>
> Spark is pulling in commons-httpclient as a dependency directly. See dependency:tree:
> {code:java}
>  ./build/mvn dependency:tree | grep -i "commons-httpclient"
> Using `mvn` from path: /Users/sumeet.gajjar/cloudera/upstream-spark/build/apache-maven-3.6.3/bin/mvn
> [INFO] +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] |  +- commons-httpclient:commons-httpclient:jar:3.1:provided
> {code}
> commons-httpclient went EOL years ago and there are most likely CVEs not being reported against it, thus we should remove it.


