Posted to commits@spark.apache.org by yu...@apache.org on 2023/06/16 15:30:00 UTC

[spark] branch master updated: [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1

This is an automated email from the ASF dual-hosted git repository.

yumwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 0502a42dda4 [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
0502a42dda4 is described below

commit 0502a42dda4d0822e2572a3d1ae6928d90b792a9
Author: Cheng Pan <ch...@apache.org>
AuthorDate: Fri Jun 16 23:29:48 2023 +0800

    [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
    
    ### What changes were proposed in this pull request?
    
    Bump snappy-java from 1.1.10.0 to 1.1.10.1.
    
    ### Why are the changes needed?
    
    This is mostly a security version; the notable changes are CVE fixes.
    
    - CVE-2023-34453 Integer overflow in shuffle
    - CVE-2023-34454 Integer overflow in compress
    - CVE-2023-34455 Unchecked chunk length
    
    Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
    
    ### Does this PR introduce _any_ user-facing change?
    
    No.
    
    ### How was this patch tested?
    
    Pass GA.
    
    Closes #41616 from pan3793/SPARK-44070.
    
    Authored-by: Cheng Pan <ch...@apache.org>
    Signed-off-by: Yuming Wang <yu...@ebay.com>
---
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
 pom.xml                               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 3d429db7754..d9a5bf20eed 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -234,7 +234,7 @@ shims/0.9.44//shims-0.9.44.jar
 slf4j-api/2.0.7//slf4j-api-2.0.7.jar
 snakeyaml-engine/2.6//snakeyaml-engine-2.6.jar
 snakeyaml/2.0//snakeyaml-2.0.jar
-snappy-java/1.1.10.0//snappy-java-1.1.10.0.jar
+snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar
 spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
 spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
 spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar
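Review bot: The `snappy-java/1.1.10.1` line records the resolved jar for the hadoop-3-hive-2.3 profile only, and the diffstat touches no other manifest. If the build keeps dependency manifests for other profiles, regenerate them in the same commit so that none still lists snappy-java-1.1.10.0.jar, the version that lacks the fixes for CVE-2023-34453, CVE-2023-34454 and CVE-2023-34455 named in the commit message.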
diff --git a/pom.xml b/pom.xml
index 43fcd47d4e2..b90ba9818ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,7 @@
     <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
     <fasterxml.jackson.version>2.15.2</fasterxml.jackson.version>
     <fasterxml.jackson.databind.version>2.15.2</fasterxml.jackson.databind.version>
-    <snappy.version>1.1.10.0</snappy.version>
+    <snappy.version>1.1.10.1</snappy.version>
     <netlib.ludovic.dev.version>3.0.3</netlib.ludovic.dev.version>
     <commons-codec.version>1.15</commons-codec.version>
     <commons-compress.version>1.23.0</commons-compress.version>
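Review bot: The `<snappy.version>` property only controls dependencies that reference it, and the commit message gives "Pass GA" as the sole test evidence for a bump that carries three CVE fixes. Please confirm with a dependency-tree check that no module or transitive dependency still resolves snappy-java 1.1.10.0 by another route. Since this push lands on master only, it is also worth stating in the PR whether maintained release branches need the same one-line change.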

