[
https://issues.apache.org/jira/browse/SPARK-35429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongjoon Hyun resolved SPARK-35429.
-----------------------------------
Resolution: Duplicate
> Remove commons-httpclient due to EOL and CVEs
> ---------------------------------------------
>
> Key: SPARK-35429
> URL: https://issues.apache.org/jira/browse/SPARK-35429
> Project: Spark
> Issue Type: Task
> Components: Spark Core, SQL
> Affects Versions: 3.0.0, 3.1.1, 3.2.0
> Reporter: Sumeet
> Priority: Major
>
> Spark is pulling in commons-httpclient as a dependency directly. See
> dependency:tree:
> {code:java}
> ./build/mvn dependency:tree | grep -i "commons-httpclient"
>
> Using `mvn` from path:
> /Users/sumeet.gajjar/cloudera/upstream-spark/build/apache-maven-3.6.3/bin/mvn
> [INFO] +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:provided
> {code}
> commons-httpclient went EOL years ago and there are most likely CVEs not
> being reported against it, thus we should remove it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
