This is an automated email from the ASF dual-hosted git repository.

yangjie01 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 86001c13865 [SPARK-45540][BUILD] Upgrade jetty to 9.4.53.v20231009
86001c13865 is described below

commit 86001c13865eae6bfcab4dd7c8e0390a1cbb5adc
Author: yangjie01 <[email protected]>
AuthorDate: Mon Oct 16 22:47:28 2023 +0800

    [SPARK-45540][BUILD] Upgrade jetty to 9.4.53.v20231009
    
    ### What changes were proposed in this pull request?
    This PR aims to upgrade jetty from 9.4.52.v20230823 to 9.4.53.v20231009
    
    ### Why are the changes needed?
    This version fixes 2 CVEs:
    
    - [CVE-2023-36478](https://github.com/advisories/GHSA-wgh7-54f2-x98r) | https://github.com/apache/spark/security/dependabot/77
    - [CVE-2023-44487](https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
    
    The full release notes are as follows:
    - https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.53.v20231009
    
    ### Does this PR introduce _any_ user-facing change?
    No
    
    ### How was this patch tested?
    - Pass GitHub Actions
    
    ### Was this patch authored or co-authored using generative AI tooling?
    No
    
    Closes #43375 from LuciferYang/SPARK-45540.
    
    Lead-authored-by: yangjie01 <[email protected]>
    Co-authored-by: YangJie <[email protected]>
    Signed-off-by: yangjie01 <[email protected]>
---
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 4 ++--
 pom.xml                               | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 7286b4bd131..f896df11923 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -129,8 +129,8 @@ 
jersey-container-servlet/2.40//jersey-container-servlet-2.40.jar
 jersey-hk2/2.40//jersey-hk2-2.40.jar
 jersey-server/2.40//jersey-server-2.40.jar
 jettison/1.5.4//jettison-1.5.4.jar
-jetty-util-ajax/9.4.52.v20230823//jetty-util-ajax-9.4.52.v20230823.jar
-jetty-util/9.4.52.v20230823//jetty-util-9.4.52.v20230823.jar
+jetty-util-ajax/9.4.53.v20231009//jetty-util-ajax-9.4.53.v20231009.jar
+jetty-util/9.4.53.v20231009//jetty-util-9.4.53.v20231009.jar
 jline/2.14.6//jline-2.14.6.jar
 jline/3.22.0//jline-3.22.0.jar
 jna/5.13.0//jna-5.13.0.jar
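Review bot: the two changed lines in this hunk (jetty-util-ajax and jetty-util) are the only Jetty entries visible, and the diffstat shows this is the only dependency manifest touched. Please confirm the file was regenerated from the resolved build rather than edited by hand, and that no other jetty-* entry elsewhere in the manifest is still at 9.4.52.v20230823, since a stale line would hide a mismatch between the recorded and the shipped jar versions.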
diff --git a/pom.xml b/pom.xml
index 4741afd1a64..b6804dfb75f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -143,7 +143,7 @@
     <parquet.version>1.13.1</parquet.version>
     <orc.version>1.9.1</orc.version>
     <orc.classifier>shaded-protobuf</orc.classifier>
-    <jetty.version>9.4.52.v20230823</jetty.version>
+    <jetty.version>9.4.53.v20231009</jetty.version>
     <jakartaservlet.version>4.0.3</jakartaservlet.version>
     <chill.version>0.10.0</chill.version>
     <!--
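Review bot: the `<jetty.version>` bump in this hunk is motivated by two CVEs according to the commit message, but the only verification listed is "Pass GitHub Actions" and the push targets master only. Suggest stating in the PR whether branches still carrying 9.4.52.v20230823 need the same change, and confirming from the resolved dependency tree that no module or transitive dependency overrides the property with an older Jetty.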

