Posted to commits@spark.apache.org by sr...@apache.org on 2021/04/08 15:45:25 UTC

[spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165

This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new bd972fe  [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165
bd972fe is described below

commit bd972fed00d5e5413f008b8168aeb381da91938b
Author: Kousuke Saruta <sa...@oss.nttdata.com>
AuthorDate: Thu Apr 8 10:41:43 2021 -0500

    [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165
    
    ### What changes were proposed in this pull request?
    
    This PR backports #32091.
    This PR upgrades the version of Jetty to 9.4.39.
    
    ### Why are the changes needed?
    
    CVE-2021-28165 affects the version of Jetty that Spark uses and it seems to be a little bit serious.
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
    
    ### Does this PR introduce _any_ user-facing change?
    
    No.
    
    ### How was this patch tested?
    
    Existing tests.
    
    Closes #32094 from sarutak/SPARK-34988-branch-3.0.
    
    Authored-by: Kousuke Saruta <sa...@oss.nttdata.com>
    Signed-off-by: Sean Owen <sr...@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1a42165..e501a2b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -140,7 +140,7 @@
     <orc.classifier></orc.classifier>
     <hive.parquet.group>com.twitter</hive.parquet.group>
     <hive.parquet.version>1.6.0</hive.parquet.version>
-    <jetty.version>9.4.36.v20210114</jetty.version>
+    <jetty.version>9.4.39.v20210325</jetty.version>
     <javaxservlet.version>3.1.0</javaxservlet.version>
     <chill.version>0.9.5</chill.version>
     <ivy.version>2.4.0</ivy.version>
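
Review bot: The `jetty.version` property in pom.xml moves from 9.4.36.v20210114 to 9.4.39.v20210325, skipping the intermediate releases, and the commit message lists only "Existing tests" as verification. Since the diffstat shows this property as the single change, it would help to confirm that every Jetty artifact in the build resolves through `${jetty.version}` (for example by checking the resolved dependency tree for a leftover 9.4.36 entry) and to state in the commit message that 9.4.39 is the release carrying the CVE-2021-28165 fix, so that the reason for choosing this exact version is recorded with the backport.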
