Posted to commits@impala.apache.org by jo...@apache.org on 2022/04/13 15:30:36 UTC

[impala] 02/02: IMPALA-11229: Upgrade Spring framework to 5.3.18

This is an automated email from the ASF dual-hosted git repository.

joemcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit 3627b027fea9ba25f204f4166bce90d76e995724
Author: Joe McDonnell <jo...@cloudera.com>
AuthorDate: Wed Apr 6 09:49:34 2022 -0700

    IMPALA-11229: Upgrade Spring framework to 5.3.18
    
    This upgrades the Spring framework to 5.3.18 to
    address multiple CVEs:
     - CVE-2022-22965
     - CVE-2022-22950
     - CVE-2021-22060
    
    Testing:
     - Ran core job
     - Ran custom cluster tests in exhaustive mode
    
    Change-Id: Ie1b299c5b24e70c9db6eb0ce37fee9e32908423e
    Reviewed-on: http://gerrit.cloudera.org:8080/18405
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
    Reviewed-by: Tamas Mate <tm...@apache.org>
---
 java/pom.xml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/java/pom.xml b/java/pom.xml
index 60109686a..dbb931325 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -69,12 +69,11 @@ under the License.
     <iceberg.version>${env.IMPALA_ICEBERG_VERSION}</iceberg.version>
     <pac4j.version>4.5.5</pac4j.version>
     <!-- xmlsec, bcprov-jdk15on and springframework are not used by Impala directly,
-         but they are needed by pac4j. This uses a newer xmlsec to address a CVE,
-         but bcprov-jdk15on and springframework versions match the versions from
-         pac4j 4.5.5. -->
+         but they are needed by pac4j. This uses a newer xmlsec/spring to address CVEs,
+         but bcprov-jdk15on matches the versions from pac4j 4.5.5. -->
     <xmlsec.version>2.2.3</xmlsec.version>
     <bcprov-jdk15on.version>1.68</bcprov-jdk15on.version>
-    <springframework.version>5.2.9.RELEASE</springframework.version>
+    <springframework.version>5.3.18</springframework.version>
     <json-smart.version>2.4.7</json-smart.version>
   </properties>
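Review bot: The rewritten comment above `<xmlsec.version>` says the newer xmlsec/spring versions "address CVEs" but names none, so a later pac4j upgrade cannot tell whether the override is still needed. The commit message lists the Spring ones, and the comment could carry them too, e.g. `This uses a newer springframework (CVE-2022-22965, CVE-2022-22950, CVE-2021-22060) and a newer xmlsec to address CVEs,`. Its last sentence should read `but bcprov-jdk15on matches the version from pac4j 4.5.5.` now that only one artifact is left. The places that consume `${springframework.version}` are outside this hunk, so it is worth confirming from the resolved tree (for example `mvn dependency:tree -Dincludes=org.springframework`) that every Spring artifact pulled in through pac4j resolves to 5.3.18 and none stays at 5.2.9.RELEASE.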