Kazuaki Ishizaki created SPARK-21373: ----------------------------------------
Summary: Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735 Key: SPARK-21373 URL: https://issues.apache.org/jira/browse/SPARK-21373 Project: Spark Issue Type: Bug Components: Spark Core Affects Versions: 2.2.1, 2.3.0 Reporter: Kazuaki Ishizaki This is derived from https://issues.apache.org/jira/browse/FELIX-5664 Spark 2.2 uses jetty 9.3.11.v20160721 that is sensitive to CVE-2017-9735 * https://nvd.nist.gov/vuln/detail/CVE-2017-9735 * https://github.com/eclipse/jetty.project/issues/1556 We should upgrade jetty to 9.3.20.v20170531 that has released to fix the CVE. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org