This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/branch-3.3 by this push:
new baeaaeb8cbb [SPARK-38784][CORE] Upgrade Jetty to 9.4.46
baeaaeb8cbb is described below
commit baeaaeb8cbb8a69b15fac1df7063186dfa81e6a8
Author: Sean Owen <[email protected]>
AuthorDate: Sat Apr 16 20:31:34 2022 -0700
[SPARK-38784][CORE] Upgrade Jetty to 9.4.46
### What changes were proposed in this pull request?
Upgrade Jetty to 9.4.46
### Why are the changes needed?
Three CVEs, which don't necessarily appear to affect Spark, are fixed in
this version. Just housekeeping.
CVE-2021-28169
CVE-2021-34428
CVE-2021-34429
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
Existing tests
Closes #36229 from srowen/SPARK-38784.
Authored-by: Sean Owen <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
(cherry picked from commit 619b7b4345013684e814499f8cec3b99ba9d88c2)
Signed-off-by: Dongjoon Hyun <[email protected]>
---
dev/deps/spark-deps-hadoop-2-hive-2.3 | 2 +-
dev/deps/spark-deps-hadoop-3-hive-2.3 | 4 ++--
pom.xml | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3
b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 9847f794e0b..7499a9b94c0 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -146,7 +146,7 @@ jersey-hk2/2.34//jersey-hk2-2.34.jar
jersey-server/2.34//jersey-server-2.34.jar
jetty-sslengine/6.1.26//jetty-sslengine-6.1.26.jar
jetty-util/6.1.26//jetty-util-6.1.26.jar
-jetty-util/9.4.44.v20210927//jetty-util-9.4.44.v20210927.jar
+jetty-util/9.4.46.v20220331//jetty-util-9.4.46.v20220331.jar
jetty/6.1.26//jetty-6.1.26.jar
jline/2.14.6//jline-2.14.6.jar
joda-time/2.10.13//joda-time-2.10.13.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 5d26abb88cd..94cd0021223 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -133,8 +133,8 @@
jersey-container-servlet/2.34//jersey-container-servlet-2.34.jar
jersey-hk2/2.34//jersey-hk2-2.34.jar
jersey-server/2.34//jersey-server-2.34.jar
jettison/1.1//jettison-1.1.jar
-jetty-util-ajax/9.4.44.v20210927//jetty-util-ajax-9.4.44.v20210927.jar
-jetty-util/9.4.44.v20210927//jetty-util-9.4.44.v20210927.jar
+jetty-util-ajax/9.4.46.v20220331//jetty-util-ajax-9.4.46.v20220331.jar
+jetty-util/9.4.46.v20220331//jetty-util-9.4.46.v20220331.jar
jline/2.14.6//jline-2.14.6.jar
joda-time/2.10.13//joda-time-2.10.13.jar
jodd-core/3.5.2//jodd-core-3.5.2.jar
diff --git a/pom.xml b/pom.xml
index 8d60f880af4..072556a5997 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,7 +139,7 @@
<derby.version>10.14.2.0</derby.version>
<parquet.version>1.12.2</parquet.version>
<orc.version>1.7.4</orc.version>
- <jetty.version>9.4.44.v20210927</jetty.version>
+ <jetty.version>9.4.46.v20220331</jetty.version>
<jakartaservlet.version>4.0.3</jakartaservlet.version>
<chill.version>0.10.0</chill.version>
<ivy.version>2.5.0</ivy.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
