Posted to dev@zeppelin.apache.org by "Jason-Morries Adam (Jira)" <ji...@apache.org> on 2022/04/12 13:38:00 UTC

[jira] [Created] (ZEPPELIN-5714) Upgrade Spring Framework in zeppelin-livy-0.10.x.jar

Jason-Morries Adam created ZEPPELIN-5714:
--------------------------------------------

             Summary: Upgrade Spring Framework in zeppelin-livy-0.10.x.jar
                 Key: ZEPPELIN-5714
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5714
             Project: Zeppelin
          Issue Type: Bug
          Components: livy-interpreter
    Affects Versions: 0.10.1, 0.10.0
            Reporter: Jason-Morries Adam
             Fix For: 0.11.0


We should upgrade the Spring version in the Zeppelin Livy jar because of CVE-2022-22965. The Qualys Scanner finds these packages and raises a warning because of the existence of these files on the system.

The found files are: /usr/lib/zeppelin/interpreter/livy/zeppelin-livy-0.10.0.jar (org/springframework/beans/CachedIntrospectionResults.class): CachedIntrospectionResults.class spring 4.3.0-4.3.2

More Information: 
Spring Framework: [https://spring.io/projects/spring-framework]
Spring project spring-framework release notes: [https://github.com/spring-projects/spring-framework/releases]
CVE-2022-22965: [https://tanzu.vmware.com/security/cve-2022-22965]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
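
One way to confirm the scanner finding quoted above, as an added example that is not part of the original report or of Zeppelin's code: it looks for the flagged class inside each jar and reports the bundled Spring version when the jar still carries Maven's pom.properties metadata (an assumption). The function names are hypothetical, and the sample jar with version 4.3.1.RELEASE is constructed.

```python
import io
import zipfile
from pathlib import Path

# Class file named in the scanner finding in the report.
MARKER = "org/springframework/beans/CachedIntrospectionResults.class"
# Maven records each artifact's version in META-INF/maven/<group>/<artifact>/
# pom.properties; assumption: the shaded jar kept that file.
POM_DIR = "META-INF/maven/org.springframework/"

def parse_props(text):
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def inspect_jar(jar, label):
    """Return a finding if the jar bundles the flagged class, else None."""
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        if MARKER not in names:
            return None
        versions = {}
        for n in names:
            if n.startswith(POM_DIR) and n.endswith("/pom.properties"):
                p = parse_props(zf.read(n).decode("utf-8", "replace"))
                versions[p.get("artifactId", n)] = p.get("version", "unknown")
    return {"jar": label, "versions": versions}

def scan_tree(root):
    """Inspect every *.jar below root, skipping unreadable archives."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        try:
            hit = inspect_jar(path, str(path))
        except (zipfile.BadZipFile, OSError):
            continue
        if hit:
            findings.append(hit)
    return findings

def build_sample_jar(with_spring):
    """Constructed sample: an in-memory jar, optionally bundling Spring beans."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/App.class", b"")
        if with_spring:
            zf.writestr(MARKER, b"")
            zf.writestr(POM_DIR + "spring-beans/pom.properties",
                        "#constructed\nartifactId=spring-beans\nversion=4.3.1.RELEASE\n")
    return buf
```

Calling `scan_tree("/usr/lib/zeppelin/interpreter")` on the affected host lists the jars that bundle the class; an empty `versions` dict means the metadata was stripped during shading and the version has to be established another way.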