Posted to commits@spark.apache.org by gu...@apache.org on 2021/02/20 03:44:06 UTC

[spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

This is an automated email from the ASF dual-hosted git repository.

gurwls223 pushed a commit to branch branch-2.4
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/branch-2.4 by this push:
     new 9807250  [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218
9807250 is described below

commit 98072500bcda47c096de91cd0ef5c3e162114ffb
Author: Kousuke Saruta <sa...@oss.nttdata.com>
AuthorDate: Sat Feb 20 12:43:18 2021 +0900

    [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218
    
    ### What changes were proposed in this pull request?
    
    This PR backports #31574 (SPARK-34449) for `branch-2.4`, upgrading Jetty from `9.4.34` to `9.4.36`.
    
    ### Why are the changes needed?
    
    CVE-2020-27218 affects currently used Jetty 9.4.34.
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27218
    
    ### Does this PR introduce _any_ user-facing change?
    
    No.
    
    ### How was this patch tested?
    
    Jenkins and GA.
    
    Closes #31583 from sarutak/SPARK-34449-branch-2.4.
    
    Authored-by: Kousuke Saruta <sa...@oss.nttdata.com>
    Signed-off-by: HyukjinKwon <gu...@apache.org>
---
 dev/deps/spark-deps-hadoop-3.1 | 4 ++--
 pom.xml                        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-3.1 b/dev/deps/spark-deps-hadoop-3.1
index 77fb360..59d6565 100644
--- a/dev/deps/spark-deps-hadoop-3.1
+++ b/dev/deps/spark-deps-hadoop-3.1
@@ -116,8 +116,8 @@ jersey-container-servlet/2.22.2//jersey-container-servlet-2.22.2.jar
 jersey-guava/2.22.2//jersey-guava-2.22.2.jar
 jersey-media-jaxb/2.22.2//jersey-media-jaxb-2.22.2.jar
 jersey-server/2.22.2//jersey-server-2.22.2.jar
-jetty-webapp/9.4.34.v20201102//jetty-webapp-9.4.34.v20201102.jar
-jetty-xml/9.4.34.v20201102//jetty-xml-9.4.34.v20201102.jar
+jetty-webapp/9.4.36.v20210114//jetty-webapp-9.4.36.v20210114.jar
+jetty-xml/9.4.36.v20210114//jetty-xml-9.4.36.v20210114.jar
 jline/2.14.6//jline-2.14.6.jar
 joda-time/2.9.3//joda-time-2.9.3.jar
 jodd-core/3.5.2//jodd-core-3.5.2.jar
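Review bot: The jetty-webapp and jetty-xml lines are updated only in spark-deps-hadoop-3.1, and the diffstat shows no other file under dev/deps touched. If any other dependency manifest on branch-2.4 lists a Jetty artifact at 9.4.34.v20201102, it would now disagree with the jetty.version set in pom.xml. Please confirm that none does, and that this manifest was regenerated from the build rather than edited by hand, so the recorded jar names match what the bumped property actually resolves to.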
diff --git a/pom.xml b/pom.xml
index a548034..54f9edb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@
     <orc.version>1.5.5</orc.version>
     <orc.classifier>nohive</orc.classifier>
     <hive.parquet.version>1.6.0</hive.parquet.version>
-    <jetty.version>9.4.34.v20201102</jetty.version>
+    <jetty.version>9.4.36.v20210114</jetty.version>
     <javaxservlet.version>3.1.0</javaxservlet.version>
     <chill.version>0.9.3</chill.version>
     <ivy.version>2.4.0</ivy.version>
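Review bot: On the jetty.version line, the property moves from 9.4.34.v20201102 to 9.4.36.v20210114, but the commit message does not say which Jetty release carries the CVE-2020-27218 fix or why 9.4.36 was chosen as the target. A sentence in the description naming the fixed release, plus a note on any behaviour changes picked up between the two versions, would make the "No" answer under user-facing changes easier to verify, since the stated testing is limited to Jenkins and GA.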
