[spark] branch master updated: [SPARK-39540][BUILD] Upgrade `mysql-connector-java` to 8.0.29

Tue, 21 Jun 2022 17:50:48 -0700 

This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 068809dc33b [SPARK-39540][BUILD] Upgrade `mysql-connector-java` to 
8.0.29
068809dc33b is described below

commit 068809dc33b128471f6cb210c8f058cd66b02bec
Author: Bjørn Jørgensen <[email protected]>
AuthorDate: Tue Jun 21 17:50:22 2022 -0700

    [SPARK-39540][BUILD] Upgrade `mysql-connector-java` to 8.0.29
    
    ### What changes were proposed in this pull request?
    Upgrade mysql-connector-java from 8.0.27 to 8.0.29
    
    ### Why are the changes needed?
    Improper Handling of Insufficient Permissions or Privileges in MySQL 
Connectors Java.
    
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: 
Connector/J). Supported versions that are affected are 8.0.27 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with network 
access via multiple protocols to compromise MySQL Connectors. Successful 
attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 
3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS 
Vector: (CVSS:3.1/AV:N/AC:H/PR: [...]
    
    [CVE-2022-21363](https://nvd.nist.gov/vuln/detail/CVE-2022-21363)
    
    ### Does this PR introduce _any_ user-facing change?
    No.
    
    ### How was this patch tested?
    Pass GA
    
    Closes #36938 from bjornjorgensen/Upgrade-mysql-connector-java-to-8.0.28.
    
    Lead-authored-by: Bjørn Jørgensen <[email protected]>
    Co-authored-by: Bjørn Jørgensen 
<[email protected]>
    Signed-off-by: Dongjoon Hyun <[email protected]>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6749dfd8422..d14e3aab24f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1218,7 +1218,7 @@
       <dependency>
         <groupId>mysql</groupId>
         <artifactId>mysql-connector-java</artifactId>
-        <version>8.0.27</version>
+        <version>8.0.29</version>
         <scope>test</scope>
       </dependency>
       <dependency>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to