[
https://issues.apache.org/jira/browse/IMPALA-11229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521768#comment-17521768
]
ASF subversion and git services commented on IMPALA-11229:
----------------------------------------------------------
Commit 3627b027fea9ba25f204f4166bce90d76e995724 in impala's branch
refs/heads/master from Joe McDonnell
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=3627b027f ]
IMPALA-11229: Upgrade Spring framework to 5.3.18
This upgrade the Spring framework to 5.3.18 to
address multiple CVEs:
- CVE-2022-22965
- CVE-2022-22950
- CVE-2021-22060
Testing:
- Ran core job
- Ran custom cluster tests in exhaustive mode
Change-Id: Ie1b299c5b24e70c9db6eb0ce37fee9e32908423e
Reviewed-on: http://gerrit.cloudera.org:8080/18405
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Tamas Mate <[email protected]>
> Upgrade spring version to 5.3.18 to address CVEs
> ------------------------------------------------
>
> Key: IMPALA-11229
> URL: https://issues.apache.org/jira/browse/IMPALA-11229
> Project: IMPALA
> Issue Type: Task
> Components: Frontend
> Affects Versions: Impala 4.1.0
> Reporter: Joe McDonnell
> Assignee: Joe McDonnell
> Priority: Blocker
>
> The current version of Spring that we use is subject to some vulnerabilities
> that were announced recently (CVE-2022-22965, CVE-2022-22950,
> CVE-2021-22060). We should upgrade to 5.3.18 to address these CVEs.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
