This is an automated email from the ASF dual-hosted git repository.
yao pushed a commit to branch branch-3.5
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/branch-3.5 by this push:
new ade9dbfc504c [SPARK-48494][BUILD][3.5] Update `airlift:aircompressor` to 0.27
ade9dbfc504c is described below
commit ade9dbfc504c52dc7a05989bdede599aaca2462d
Author: Bjørn Jørgensen <[email protected]>
AuthorDate: Fri Jun 28 11:10:22 2024 +0800
[SPARK-48494][BUILD][3.5] Update `airlift:aircompressor` to 0.27
### What changes were proposed in this pull request?
Upgrade airlift:aircompressor from 0.26 to 0.27
For branch 3.5
### Why are the changes needed?
[CVE-2024-36114](https://www.cve.org/CVERecord?id=CVE-2024-36114)
[Decompressors can crash the JVM and leak memory content](https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4)
The fix
https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
pass GA
### Was this patch authored or co-authored using generative AI tooling?
No.
Closes #47128 from bjornjorgensen/branch3.5aircompressor0.27.
Authored-by: Bjørn Jørgensen <[email protected]>
Signed-off-by: Kent Yao <[email protected]>
---
dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 378cdb121150..6f8054ae900b 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -4,7 +4,7 @@ JTransforms/3.1//JTransforms-3.1.jar
RoaringBitmap/0.9.45//RoaringBitmap-0.9.45.jar
ST4/4.0.4//ST4-4.0.4.jar
activation/1.1.1//activation-1.1.1.jar
-aircompressor/0.26//aircompressor-0.26.jar
+aircompressor/0.27//aircompressor-0.27.jar
algebra_2.12/2.0.1//algebra_2.12-2.0.1.jar
aliyun-java-sdk-core/4.5.10//aliyun-java-sdk-core-4.5.10.jar
aliyun-java-sdk-kms/2.11.0//aliyun-java-sdk-kms-2.11.0.jar
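Review bot: The `aircompressor/0.27//aircompressor-0.27.jar` line only records the jar the build is expected to ship, and the commit message gives "pass GA" as the sole test, so nothing here shows that aircompressor-0.26.jar is no longer resolved through another dependency. Suggest checking the resolved dependency tree for this profile and confirming that 0.27 is the only aircompressor jar on the classpath before relying on this as the CVE-2024-36114 fix.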
diff --git a/pom.xml b/pom.xml
index 6bb764e0c28c..f1a7a1618073 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2586,7 +2586,7 @@
<dependency>
<groupId>io.airlift</groupId>
<artifactId>aircompressor</artifactId>
- <version>0.26</version>
+ <version>0.27</version>
</dependency>
<dependency>
<groupId>org.apache.orc</groupId>
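Review bot: The `<version>0.27</version>` line in the `io.airlift:aircompressor` dependency carries no comment explaining why the version is pinned, so a later change that realigns it with another component's preferred version could drop below the fixed release without anyone noticing. Suggest an XML comment above the `<version>` element naming CVE-2024-36114 and stating that 0.27 is the minimum acceptable version.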