Repository: spark
Updated Branches:
  refs/heads/branch-1.5 f7a7230f3 -> 0ed6d9cf3


[SPARK-11652][CORE] Remote code execution with InvokerTransformer

Update to Commons Collections 3.2.2 to avoid any potential remote code 
execution vulnerability

Author: Sean Owen <[email protected]>

Closes #9731 from srowen/SPARK-11652.

(cherry picked from commit 9631ca35275b0ce8a5219f975907ac36ed11f528)
Signed-off-by: Sean Owen <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/spark/repo
Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/0ed6d9cf
Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/0ed6d9cf
Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/0ed6d9cf

Branch: refs/heads/branch-1.5
Commit: 0ed6d9cf3aa0c2b4c09ac297408e91a52de3961c
Parents: f7a7230
Author: Sean Owen <[email protected]>
Authored: Wed Nov 18 08:59:20 2015 +0000
Committer: Sean Owen <[email protected]>
Committed: Wed Nov 18 09:00:49 2015 +0000

----------------------------------------------------------------------
 pom.xml | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/spark/blob/0ed6d9cf/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 24cdd05..df18ce1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,6 +158,8 @@
     <!--  commons-httpclient/commons-httpclient-->
     <httpclient.classic.version>3.1</httpclient.classic.version>
     <commons.math3.version>3.4.1</commons.math3.version>
+    <!-- managed up from 3.2.1 for SPARK-11652 -->
+    <commons.collections.version>3.2.2</commons.collections.version>
     <scala.version>2.10.4</scala.version>
     <scala.binary.version>2.10</scala.binary.version>
     <jline.version>${scala.version}</jline.version>
@@ -447,6 +449,11 @@
         <version>${commons.math3.version}</version>
       </dependency>
       <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-collections</artifactId>
+        <version>${commons.collections.version}</version>
+      </dependency>
+      <dependency>
         <groupId>org.apache.ivy</groupId>
         <artifactId>ivy</artifactId>
         <version>${ivy.version}</version>
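Review bot: The added entry uses `<groupId>org.apache.commons</groupId>`, but as far as I know Commons Collections 3.x is published as `commons-collections:commons-collections`, and Maven applies a managed version only to an exact groupId:artifactId match. If so, transitive pulls of 3.2.1 are not overridden and the InvokerTransformer classes this commit is meant to neutralise can still land on the classpath; the line should read `<groupId>commons-collections</groupId>`. The enclosing section starts outside the hunk, so this assumes the entry sits inside `<dependencyManagement>`. Running `mvn dependency:tree -Dincludes=commons-collections` across the modules and build profiles would confirm that only 3.2.2 resolves.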

