You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@impala.apache.org by ar...@apache.org on 2022/10/06 00:19:05 UTC

[impala] 01/02: IMPALA-11639: Upgrade Spring framework to 5.3.20

This is an automated email from the ASF dual-hosted git repository.

arawat pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit 010f1b943c57178b26b86361cefe5a4f4273714d
Author: wzhou-code <wz...@cloudera.com>
AuthorDate: Tue Oct 4 12:33:30 2022 -0700

    IMPALA-11639: Upgrade Spring framework to 5.3.20
    
    This patch upgrade the Spring framework to 5.3.20 to
    address multiple CVEs:
     - CVE-2022-22971
     - CVE-2022-22968
     - CVE-2022-22970
    
    Testing:
     - Ran core job
     - Ran custom cluster tests in exhaustive mode
    
    Change-Id: I33f4f1d22fc27227e31d744658a17c16b61b9677
    Reviewed-on: http://gerrit.cloudera.org:8080/19091
    Reviewed-by: Joe McDonnell <jo...@cloudera.com>
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
 java/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/pom.xml b/java/pom.xml
index 5e0e6356a..d3d49ff91 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -74,7 +74,7 @@ under the License.
          but bcprov-jdk15on matches the versions from pac4j 4.5.5. -->
     <xmlsec.version>2.2.3</xmlsec.version>
     <bcprov-jdk15on.version>1.68</bcprov-jdk15on.version>
-    <springframework.version>5.3.18</springframework.version>
+    <springframework.version>5.3.20</springframework.version>
     <json-smart.version>2.4.7</json-smart.version>
   </properties>