Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2021/02/08 16:27:40 UTC

[GitHub] [spark] ssainz opened a new pull request #31528: Spark 34403

ssainz opened a new pull request #31528:
URL: https://github.com/apache/spark/pull/31528


   ### What changes were proposed in this pull request?
   Remove the dependency below:
   ```
   <dependency>
     <groupId>commons-httpclient</groupId>
     <artifactId>commons-httpclient</artifactId>
   </dependency>
   ```
   It is unsafe due to CVE-2012-6153 and CVE-2012-6153. Also, there is no code calling these libs (`org.apache.commons.httpclient`).
   
   
   ### Why are the changes needed?
   It is unsafe due to CVE-2012-6153 and CVE-2012-6153. Also, there is no code calling these libs (`org.apache.commons.httpclient`).
   
   
   ### Does this PR introduce _any_ user-facing change?
   No
   
   
   ### How was this patch tested?
   Run `spark/sql/hive$ mvn compile test`; result is SUCCESS
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
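
A source search of one project does not cover classes compiled into its dependency jars, so the claim that nothing calls `org.apache.commons.httpclient` is best checked against the jars themselves. The following is an added example, not code from the PR or from Spark: it reads each class file's constant pool and reports which classes reference that package. The names `class_refs`, `jar_users` and `make_class` are illustrative, and `make_class` only builds constructed sample input.

```python
import struct
import zipfile

PREFIX = "org/apache/commons/httpclient/"  # package from the PR, JVM internal form
# Constant-pool payload sizes by tag (JVM spec 4.4); tag 1 (Utf8) is variable length.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_refs(data):
    """Names referenced through CONSTANT_Class entries of one .class file."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    count = struct.unpack_from(">H", data, 8)[0]
    utf8, class_idx, pos, i = {}, [], 10, 1
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:
            n = struct.unpack_from(">H", data, pos)[0]
            utf8[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag == 7:
                class_idx.append(struct.unpack_from(">H", data, pos)[0])
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        i += 2 if tag in (5, 6) else 1  # long and double take two slots
    return {utf8[k] for k in class_idx if k in utf8}

def jar_users(jar_file, prefix=PREFIX):
    """Map each class outside `prefix` to the classes under `prefix` it references."""
    hits = {}
    with zipfile.ZipFile(jar_file) as jar:  # accepts a path or a file object
        for name in jar.namelist():
            if name.endswith(".class") and not name.startswith(prefix):
                used = sorted(r for r in class_refs(jar.read(name)) if r.startswith(prefix))
                if used:
                    hits[name] = used
    return hits

def make_class(*names):
    """Constructed sample: class-file header plus constant pool only."""
    raw = [n.encode() for n in names]
    pool = b"".join(b"\x01" + struct.pack(">H", len(r)) + r for r in raw)
    pool += b"".join(b"\x07" + struct.pack(">H", k + 1) for k in range(len(raw)))
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 * len(raw) + 1) + pool
```

An empty result from `jar_users` for every jar on the classpath supports removing the dependency; classes loaded only through reflection strings are not visible to this check.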


[GitHub] [spark] LuciferYang commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
LuciferYang commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-776402316


   Does Spark really no longer need the `commons-httpclient` dependency? @ssainz Can you explain why?
   
   




[GitHub] [spark] wangyum commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
wangyum commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-782051360


   @ssainz Would you like to backport HIVE-19228 to branch-3.0, branch-2 and branch-2.3? https://issues.apache.org/jira/browse/HIVE-24760




[GitHub] [spark] LuciferYang commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
LuciferYang commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-776475281


   > hive-exec needs this dependency.
   
   Will this class actually be loaded by the JVM? Do we need to wait for Hive to upgrade this dependency first?




[GitHub] [spark] ssainz commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
ssainz commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-778323880


   Hi @LuciferYang - I searched through the Spark source code and could not find usages. I did not search the dependencies though. In case `hive-exec` uses it, I think we need to upgrade that one first.




[GitHub] [spark] ssainz edited a comment on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
ssainz edited a comment on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-778323880


   Hi @LuciferYang - I searched through the Spark source code and could not find usages. I did not search in the dependencies' source code though. Because `hive-exec` uses it, I think we need to upgrade that one first. Let me investigate how to upgrade `hive-exec`.




[GitHub] [spark] AmplabJenkins commented on pull request #31528: Spark 34403

Posted by GitBox <gi...@apache.org>.
AmplabJenkins commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-775269050


   Can one of the admins verify this patch?




[GitHub] [spark] wangyum commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
wangyum commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-776414106


   [`hive-exec`](https://github.com/apache/hive/blob/rel/release-2.3.8/ql/src/java/org/apache/hadoop/hive/ql/parse/LoadSemanticAnalyzer.java#L34) needs this dependency.




[GitHub] [spark] ssainz edited a comment on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
ssainz edited a comment on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-778323880


   Hi @LuciferYang - I searched through the Spark source code and could not find usages. I did not search in the dependencies' source code though. Because `hive-exec` uses it, I think we need to upgrade that one first. Let me investigate how to upgrade `hive-exec`.




[GitHub] [spark] dongjoon-hyun closed pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun closed pull request #31528:
URL: https://github.com/apache/spark/pull/31528


   




[GitHub] [spark] dongjoon-hyun commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-778529007


   Thank you, @ssainz and all.
   I'll close this PR for now. Feel free to reopen this when you have an update.




[GitHub] [spark] sunchao commented on pull request #31528: [SPARK-34403][SQL]Remove dependency to commons-httpclient

Posted by GitBox <gi...@apache.org>.
sunchao commented on pull request #31528:
URL: https://github.com/apache/spark/pull/31528#issuecomment-842918643


   Let me try backporting HIVE-19228 to branch-2.3: https://github.com/apache/hive/pull/2287

