Posted to commits@impala.apache.org by jo...@apache.org on 2022/04/13 15:30:36 UTC
[impala] 02/02: IMPALA-11229: Upgrade Spring framework to 5.3.18
This is an automated email from the ASF dual-hosted git repository.
joemcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit 3627b027fea9ba25f204f4166bce90d76e995724
Author: Joe McDonnell <jo...@cloudera.com>
AuthorDate: Wed Apr 6 09:49:34 2022 -0700
IMPALA-11229: Upgrade Spring framework to 5.3.18
This upgrades the Spring framework to 5.3.18 to
address multiple CVEs:
- CVE-2022-22965
- CVE-2022-22950
- CVE-2021-22060
Testing:
- Ran core job
- Ran custom cluster tests in exhaustive mode
Change-Id: Ie1b299c5b24e70c9db6eb0ce37fee9e32908423e
Reviewed-on: http://gerrit.cloudera.org:8080/18405
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Reviewed-by: Tamas Mate <tm...@apache.org>
---
java/pom.xml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/java/pom.xml b/java/pom.xml
index 60109686a..dbb931325 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -69,12 +69,11 @@ under the License.
<iceberg.version>${env.IMPALA_ICEBERG_VERSION}</iceberg.version>
<pac4j.version>4.5.5</pac4j.version>
<!-- xmlsec, bcprov-jdk15on and springframework are not used by Impala directly,
- but they are needed by pac4j. This uses a newer xmlsec to address a CVE,
- but bcprov-jdk15on and springframework versions match the versions from
- pac4j 4.5.5. -->
+ but they are needed by pac4j. This uses a newer xmlsec/spring to address CVEs,
+ but bcprov-jdk15on matches the versions from pac4j 4.5.5. -->
<xmlsec.version>2.2.3</xmlsec.version>
<bcprov-jdk15on.version>1.68</bcprov-jdk15on.version>
- <springframework.version>5.2.9.RELEASE</springframework.version>
+ <springframework.version>5.3.18</springframework.version>
<json-smart.version>2.4.7</json-smart.version>
</properties>
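Review bot: On the `springframework.version` line, the pin moves from 5.2.9.RELEASE to 5.3.18, a jump to a different minor line than the one the removed comment said matched pac4j 4.5.5, and the rewritten comment no longer records which Spring version pac4j expects or which CVEs justify the override. Suggest the comment name the reason (the commit message lists CVE-2022-22965, CVE-2022-22950 and CVE-2021-22060) and say that the property should be revisited whenever `pac4j.version` changes, so a later pac4j bump does not leave a stale override behind. Because the comment states that Spring is only present as a pac4j dependency, it is also worth confirming that the listed test runs exercise the code paths that go through pac4j. Minor: "bcprov-jdk15on matches the versions" now has a single subject, so "matches the version" reads better.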