Posted to issues@spark.apache.org by "Apache Spark (Jira)" <ji...@apache.org> on 2021/05/17 22:31:00 UTC
[jira] [Assigned] (SPARK-35429) Remove commons-httpclient due to EOL and CVEs
[ https://issues.apache.org/jira/browse/SPARK-35429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Apache Spark reassigned SPARK-35429:
------------------------------------
Assignee: (was: Apache Spark)
> Remove commons-httpclient due to EOL and CVEs
> ---------------------------------------------
>
> Key: SPARK-35429
> URL: https://issues.apache.org/jira/browse/SPARK-35429
> Project: Spark
> Issue Type: Task
> Components: Spark Core, SQL
> Affects Versions: 3.0.0, 3.1.1
> Reporter: Sumeet
> Priority: Major
>
> Spark is pulling in commons-httpclient as a dependency directly. See dependency:tree:
> {code:java}
> ./build/mvn dependency:tree | grep -i "commons-httpclient"
> Using `mvn` from path: /Users/sumeet.gajjar/cloudera/upstream-spark/build/apache-maven-3.6.3/bin/mvn
> [INFO] +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:provided
> {code}
> commons-httpclient went EOL years ago and there are most likely CVEs not being reported against it, thus we should remove it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)