Posted to commits@spark.apache.org by yu...@apache.org on 2023/06/16 15:30:00 UTC
[spark] branch master updated: [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
This is an automated email from the ASF dual-hosted git repository.
yumwang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new 0502a42dda4 [SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
0502a42dda4 is described below
commit 0502a42dda4d0822e2572a3d1ae6928d90b792a9
Author: Cheng Pan <ch...@apache.org>
AuthorDate: Fri Jun 16 23:29:48 2023 +0800
[SPARK-44070][BUILD] Bump snappy-java 1.1.10.1
### What changes were proposed in this pull request?
Bump snappy-java from 1.1.10.0 to 1.1.10.1.
### Why are the changes needed?
This is mostly a security version; the notable changes are CVE fixes.
- CVE-2023-34453 Integer overflow in shuffle
- CVE-2023-34454 Integer overflow in compress
- CVE-2023-34455 Unchecked chunk length
Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Pass GA.
Closes #41616 from pan3793/SPARK-44070.
Authored-by: Cheng Pan <ch...@apache.org>
Signed-off-by: Yuming Wang <yu...@ebay.com>
---
dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 3d429db7754..d9a5bf20eed 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -234,7 +234,7 @@ shims/0.9.44//shims-0.9.44.jar
slf4j-api/2.0.7//slf4j-api-2.0.7.jar
snakeyaml-engine/2.6//snakeyaml-engine-2.6.jar
snakeyaml/2.0//snakeyaml-2.0.jar
-snappy-java/1.1.10.0//snappy-java-1.1.10.0.jar
+snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar
spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar
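Review bot: the `+snappy-java/1.1.10.1//snappy-java-1.1.10.1.jar` line updates only the hadoop-3-hive-2.3 manifest, and the diffstat shows it as the only deps file in this commit. If the branch keeps manifests for other build profiles, they need the same one-line change so that no manifest still lists 1.1.10.0, which lacks the three CVE fixes named in the commit message.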
diff --git a/pom.xml b/pom.xml
index 43fcd47d4e2..b90ba9818ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,7 @@
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
<fasterxml.jackson.version>2.15.2</fasterxml.jackson.version>
<fasterxml.jackson.databind.version>2.15.2</fasterxml.jackson.databind.version>
- <snappy.version>1.1.10.0</snappy.version>
+ <snappy.version>1.1.10.1</snappy.version>
<netlib.ludovic.dev.version>3.0.3</netlib.ludovic.dev.version>
<commons-codec.version>1.15</commons-codec.version>
<commons-compress.version>1.23.0</commons-compress.version>
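Review bot: on the `<snappy.version>` line, the bump changes a property only, and this hunk does not show where the property is consumed. It is worth confirming that snappy-java is pinned through this property for transitive use as well, for example by checking that `mvn dependency:tree -Dincludes=org.xerial.snappy:snappy-java` resolves only 1.1.10.1; otherwise another dependency could still pull in 1.1.10.0. A short XML comment beside the property naming CVE-2023-34453, CVE-2023-34454 and CVE-2023-34455 would also keep a later change from dropping below the fixed version.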