Posted to commits@spark.apache.org by sr...@apache.org on 2019/09/30 13:16:58 UTC
[spark] branch master updated: [SPARK-29252][BUILD] Upgrade zookeeper to 3.4.14 and fix vulnerabilities
This is an automated email from the ASF dual-hosted git repository.
srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new 1018390 [SPARK-29252][BUILD] Upgrade zookeeper to 3.4.14 and fix vulnerabilities
1018390 is described below
commit 101839054276bfd52fdc29a98ffbf8e5c0383426
Author: gengjiaan <ge...@360.cn>
AuthorDate: Mon Sep 30 08:16:32 2019 -0500
[SPARK-29252][BUILD] Upgrade zookeeper to 3.4.14 and fix vulnerabilities
### What changes were proposed in this pull request?
The current code uses org.apache.zookeeper:zookeeper:jar:3.4.6 and it will cause security vulnerabilities. We could get some security info from https://www.tenable.com/cve/CVE-2019-0201
This reference reminds us to upgrade the version of `zookeeper` to 3.4.14 or later.
### Why are the changes needed?
This PR fixes the security vulnerabilities.
### Does this PR introduce any user-facing change?
No.
### How was this patch tested?
Existing UT.
Closes #25933 from beliefer/upgrade-zookeeper.
Authored-by: gengjiaan <ge...@360.cn>
Signed-off-by: Sean Owen <se...@databricks.com>
---
NOTICE-binary | 6 ++++++
dev/deps/spark-deps-hadoop-2.7 | 3 ++-
dev/deps/spark-deps-hadoop-3.2 | 2 +-
pom.xml | 7 +++++--
4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/NOTICE-binary b/NOTICE-binary
index 4dfcca1..00d6f8d 100644
--- a/NOTICE-binary
+++ b/NOTICE-binary
@@ -1365,3 +1365,9 @@ Copyright (C) 2000-2007 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
+
+Apache Yetus - Audience Annotations
+Copyright 2015-2017 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7
index 5c74246..4ba8f5c 100644
--- a/dev/deps/spark-deps-hadoop-2.7
+++ b/dev/deps/spark-deps-hadoop-2.7
@@ -20,6 +20,7 @@ arpack_combined_all-0.1.jar
arrow-format-0.12.0.jar
arrow-memory-0.12.0.jar
arrow-vector-0.12.0.jar
+audience-annotations-0.5.0.jar
automaton-1.11-8.jar
avro-1.8.2.jar
avro-ipc-1.8.2.jar
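Review bot: The added `audience-annotations-0.5.0.jar` line means a new jar now ships in the hadoop-2.7 distribution, yet the commit message describes only a zookeeper version bump. Mention in the description that this commit introduces the artifact, and why it is kept while `spotbugs-annotations` is excluded in pom.xml, so that anyone auditing the dependency list can account for it.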
@@ -204,5 +205,5 @@ xercesImpl-2.9.1.jar
xmlenc-0.52.jar
xz-1.5.jar
zjsonpatch-0.3.0.jar
-zookeeper-3.4.6.jar
+zookeeper-3.4.14.jar
zstd-jni-1.4.2-1.jar
diff --git a/dev/deps/spark-deps-hadoop-3.2 b/dev/deps/spark-deps-hadoop-3.2
index bc52007..2c797d4 100644
--- a/dev/deps/spark-deps-hadoop-3.2
+++ b/dev/deps/spark-deps-hadoop-3.2
@@ -223,5 +223,5 @@ woodstox-core-5.0.3.jar
xbean-asm7-shaded-4.14.jar
xz-1.5.jar
zjsonpatch-0.3.0.jar
-zookeeper-3.4.13.jar
+zookeeper-3.4.14.jar
zstd-jni-1.4.2-1.jar
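Review bot: Unlike the hadoop-2.7 manifest, this file gets only the `zookeeper-3.4.13.jar` to `zookeeper-3.4.14.jar` swap and no `audience-annotations-0.5.0.jar` line. Please confirm that jar is already listed outside the visible context; otherwise the two manifests disagree about what zookeeper 3.4.14 brings into the distribution.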
diff --git a/pom.xml b/pom.xml
index 8aa0c9d..4c968ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,7 +125,7 @@
<hadoop.version>2.7.4</hadoop.version>
<protobuf.version>2.5.0</protobuf.version>
<yarn.version>${hadoop.version}</yarn.version>
- <zookeeper.version>3.4.6</zookeeper.version>
+ <zookeeper.version>3.4.14</zookeeper.version>
<curator.version>2.7.1</curator.version>
<okapi.version>0.4.2</okapi.version>
<hive.group>org.spark-project.hive</hive.group>
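Review bot: `curator.version` stays at 2.7.1 on the line right after the bumped `zookeeper.version`, while the hadoop-3.2 profile further down pairs ZooKeeper with Curator 2.13.0. The default build now jumps from 3.4.6 to 3.4.14 under the older Curator, so it is worth stating in the PR which of the existing tests exercise that combination.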
@@ -1337,6 +1337,10 @@
<groupId>io.netty</groupId>
<artifactId>netty</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-annotations</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
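Review bot: The new `com.github.spotbugs:spotbugs-annotations` exclusion carries no comment saying why it is needed, and the dependency it belongs to is outside the visible context. Add a short XML comment above the `<exclusion>` giving the reason, so a later version bump does not drop or duplicate it blindly.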
@@ -2910,7 +2914,6 @@
<properties>
<hadoop.version>3.2.0</hadoop.version>
<curator.version>2.13.0</curator.version>
- <zookeeper.version>3.4.13</zookeeper.version>
<hive.group>org.apache.hive</hive.group>
<hive.classifier>core</hive.classifier>
<hive.version>${hive23.version}</hive.version>
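Review bot: Dropping the `<zookeeper.version>` line from this profile's `<properties>` makes the profile inherit the top-level value silently, so any later change to the default property also changes the hadoop 3.2.0 build. That is fine for 3.4.14, but a one-line comment here noting the inheritance would keep the coupling visible next to the pinned `hadoop.version` and `curator.version`.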