Posted to commits@spark.apache.org by yu...@apache.org on 2023/06/16 15:50:13 UTC
[spark] 01/01: [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
This is an automated email from the ASF dual-hosted git repository.
yumwang pushed a commit to branch branch-3.4
in repository https://gitbox.apache.org/repos/asf/spark.git
commit 89bfb1ffe6c1df53a307b55ccf87e1a4d265a76a
Author: Yuming Wang <yu...@ebay.com>
AuthorDate: Fri Jun 16 23:49:30 2023 +0800
[SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
### What changes were proposed in this pull request?
Bump snappy-java from 1.1.10.0 to 1.1.10.1.
### Why are the changes needed?
This is mostly a security version; the notable changes are CVE fixes.
- CVE-2023-34453 Integer overflow in shuffle
- CVE-2023-34454 Integer overflow in compress
- CVE-2023-34455 Unchecked chunk length
Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Pass GA.
Closes #41616 from pan3793/SPARK-44070.
Authored-by: Cheng Pan <ch...@apache.org>
Signed-off-by: Yuming Wang <yu...@ebay.com>
(cherry picked from commit 0502a42dda4d0822e2572a3d1ae6928d90b792a9)
Signed-off-by: Yuming Wang <yu...@ebay.com>
---
dev/deps/spark-deps-hadoop-2-hive-2.3 | 2 +-
dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
pom.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 340f08d5863..358fcda921e 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -248,7 +248,7 @@ scala-xml_2.12/2.1.0//scala-xml_2.12-2.1.0.jar
shims/0.9.38//shims-0.9.38.jar
slf4j-api/2.0.6//slf4j-api-2.0.6.jar
snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.10.0//snappy-java-1.1.10.0.jar
+snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar
spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar
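Review bot: The `snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar` line has to match what the build actually resolves for the hadoop-2 profile, and the patch does not say whether this manifest was regenerated from the build or edited by hand. Please confirm it was regenerated, so that a one-line diff here really means no other artifact moved with the bump. "Pass GA" in the commit message only covers this if the dependency-manifest check runs for the hadoop-2 profile on branch-3.4.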
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 5f85a8eae2f..d34ebb1067e 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -235,7 +235,7 @@ scala-xml_2.12/2.1.0//scala-xml_2.12-2.1.0.jar
shims/0.9.38//shims-0.9.38.jar
slf4j-api/2.0.6//slf4j-api-2.0.6.jar
snakeyaml/1.33//snakeyaml-1.33.jar
-snappy-java/1.1.10.0//snappy-java-1.1.10.0.jar
+snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar
spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar
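Review bot: The changed entry, like every other line in this manifest, records only the artifact name and version, so the diff pins which release is expected but says nothing about the jar's content. For a bump whose stated purpose is three CVE fixes, it is worth checking the resolved `snappy-java-1.1.10.1.jar` against the checksum or signature published with the upstream release before the backport ships, since nothing in this file would catch a substituted artifact under the same name.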
diff --git a/pom.xml b/pom.xml
index e4624ba6c4f..46874dca5b2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -185,7 +185,7 @@
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
<fasterxml.jackson.version>2.14.2</fasterxml.jackson.version>
<fasterxml.jackson.databind.version>2.14.2</fasterxml.jackson.databind.version>
- <snappy.version>1.1.10.0</snappy.version>
+ <snappy.version>1.1.10.1</snappy.version>
<netlib.ludovic.dev.version>3.0.3</netlib.ludovic.dev.version>
<commons-codec.version>1.15</commons-codec.version>
<commons-compress.version>1.22</commons-compress.version>
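Review bot: On the `<snappy.version>1.1.10.1</snappy.version>` line, the new value only reaches modules that take snappy-java through this property, and nothing in the hunk shows that 1.1.10.0 cannot still arrive through a dependency that declares its own version. Suggest checking the resolved dependency tree on branch-3.4 to confirm that every module lands on 1.1.10.1. A short XML comment beside the property naming CVE-2023-34453, CVE-2023-34454 and CVE-2023-34455 as the floor would also keep a later change from moving it back below the fixed release.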