spark git commit: [SPARK-11652][CORE] Remote code execution with InvokerTransformer

Wed, 18 Nov 2015 01:00:12 -0800 

Repository: spark
Updated Branches:
  refs/heads/master e62820c85 -> 9631ca352


[SPARK-11652][CORE] Remote code execution with InvokerTransformer

Update to Commons Collections 3.2.2 to avoid any potential remote code 
execution vulnerability

Author: Sean Owen <so...@cloudera.com>

Closes #9731 from srowen/SPARK-11652.


Project: http://git-wip-us.apache.org/repos/asf/spark/repo
Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/9631ca35
Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/9631ca35
Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/9631ca35

Branch: refs/heads/master
Commit: 9631ca35275b0ce8a5219f975907ac36ed11f528
Parents: e62820c
Author: Sean Owen <so...@cloudera.com>
Authored: Wed Nov 18 08:59:20 2015 +0000
Committer: Sean Owen <so...@cloudera.com>
Committed: Wed Nov 18 08:59:20 2015 +0000

----------------------------------------------------------------------
 pom.xml | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/spark/blob/9631ca35/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 940e2d8..ad84911 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,6 +162,8 @@
     <!--  commons-httpclient/commons-httpclient-->
     <httpclient.classic.version>3.1</httpclient.classic.version>
     <commons.math3.version>3.4.1</commons.math3.version>
+    <!-- managed up from 3.2.1 for SPARK-11652 -->
+    <commons.collections.version>3.2.2</commons.collections.version>
     <scala.version>2.10.5</scala.version>
     <scala.binary.version>2.10</scala.binary.version>
     <jline.version>${scala.version}</jline.version>
@@ -476,6 +478,11 @@
         <version>${commons.math3.version}</version>
       </dependency>
       <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-collections</artifactId>
+        <version>${commons.collections.version}</version>
+      </dependency>
+      <dependency>
         <groupId>org.apache.ivy</groupId>
         <artifactId>ivy</artifactId>
         <version>${ivy.version}</version>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org

Reply via email to