You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spark.apache.org by Stephen Hellberg <he...@uk.ibm.com> on 2016/07/01 16:03:20 UTC

Jetty 9.3 CVE to be avoided...

To anyone contemplating an upgrade of the Jetty component in use with Apache
Spark, please be aware of  CVE-2016-4800
<http://www.ocert.org/advisories/ocert-2016-001.html>  , and ensure that you
are attempting to only integrate a version of the Jetty 9.3 stream that is
*9.3.9* /or later/.

Hopefully forewarned is forearmed; no need to expose vulnerabilities
unnecessarily!  ;-)



--
View this message in context: http://apache-spark-developers-list.1001551.n3.nabble.com/Jetty-9-3-CVE-to-be-avoided-tp18151.html
Sent from the Apache Spark Developers List mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscribe@spark.apache.org