Repository: spark Updated Branches: refs/heads/master 7c33b0fd0 -> 553aac56b
[SPARK-18586][BUILD] netty-3.8.0.Final.jar has vulnerability CVE-2014-3488 and CVE-2014-0193 ## What changes were proposed in this pull request? Force update to latest Netty 3.9.x, for dependencies like Flume, to resolve two CVEs. 3.9.2 is the first version that resolves both, and, this is the latest in the 3.9.x line. ## How was this patch tested? Existing tests Author: Sean Owen <[email protected]> Closes #16102 from srowen/SPARK-18586. Project: http://git-wip-us.apache.org/repos/asf/spark/repo Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/553aac56 Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/553aac56 Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/553aac56 Branch: refs/heads/master Commit: 553aac56bd5284e84391c05e2ef54d8bd7ad3a12 Parents: 7c33b0f Author: Sean Owen <[email protected]> Authored: Sat Dec 3 09:53:47 2016 +0000 Committer: Sean Owen <[email protected]> Committed: Sat Dec 3 09:53:47 2016 +0000 ---------------------------------------------------------------------- dev/deps/spark-deps-hadoop-2.2 | 2 +- dev/deps/spark-deps-hadoop-2.3 | 2 +- dev/deps/spark-deps-hadoop-2.4 | 2 +- dev/deps/spark-deps-hadoop-2.6 | 2 +- dev/deps/spark-deps-hadoop-2.7 | 2 +- pom.xml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/spark/blob/553aac56/dev/deps/spark-deps-hadoop-2.2 ---------------------------------------------------------------------- diff --git a/dev/deps/spark-deps-hadoop-2.2 b/dev/deps/spark-deps-hadoop-2.2 index 89bfcef..afbdae0 100644 --- a/dev/deps/spark-deps-hadoop-2.2 +++ b/dev/deps/spark-deps-hadoop-2.2 @@ -122,7 +122,7 @@ metrics-graphite-3.1.2.jar metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar http://git-wip-us.apache.org/repos/asf/spark/blob/553aac56/dev/deps/spark-deps-hadoop-2.3 ---------------------------------------------------------------------- diff --git a/dev/deps/spark-deps-hadoop-2.3 b/dev/deps/spark-deps-hadoop-2.3 index 8df3858..adf3863 100644 --- a/dev/deps/spark-deps-hadoop-2.3 +++ b/dev/deps/spark-deps-hadoop-2.3 @@ -129,7 +129,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar http://git-wip-us.apache.org/repos/asf/spark/blob/553aac56/dev/deps/spark-deps-hadoop-2.4 ---------------------------------------------------------------------- diff --git a/dev/deps/spark-deps-hadoop-2.4 b/dev/deps/spark-deps-hadoop-2.4 index 71e7fb6..88e6b3f 100644 --- a/dev/deps/spark-deps-hadoop-2.4 +++ b/dev/deps/spark-deps-hadoop-2.4 @@ -129,7 +129,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar http://git-wip-us.apache.org/repos/asf/spark/blob/553aac56/dev/deps/spark-deps-hadoop-2.6 ---------------------------------------------------------------------- diff --git a/dev/deps/spark-deps-hadoop-2.6 b/dev/deps/spark-deps-hadoop-2.6 index ba31391..15c5d9f 100644 --- a/dev/deps/spark-deps-hadoop-2.6 +++ b/dev/deps/spark-deps-hadoop-2.6 @@ -137,7 +137,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar http://git-wip-us.apache.org/repos/asf/spark/blob/553aac56/dev/deps/spark-deps-hadoop-2.7 ---------------------------------------------------------------------- diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7 index b129e5a..77fb537 100644 --- a/dev/deps/spark-deps-hadoop-2.7 +++ b/dev/deps/spark-deps-hadoop-2.7 @@ -138,7 +138,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar http://git-wip-us.apache.org/repos/asf/spark/blob/553aac56/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 33c8dcb..2e67364 100644 --- a/pom.xml +++ b/pom.xml @@ -557,7 +557,7 @@ <dependency> <groupId>io.netty</groupId> <artifactId>netty</artifactId> - <version>3.8.0.Final</version> + <version>3.9.9.Final</version> </dependency> <dependency> <groupId>org.apache.derby</groupId> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
