GitHub user steveloughran opened a pull request:
https://github.com/apache/spark/pull/11346
[SPARK-13471] [SQL]: WiP update hive version to 1.2.1.1.spark
## What changes were proposed in this pull request?
This updates the hive dependency from 1.2.1.spark to 1.2.1.1.spark, an
update which does nothing but
1. Update the POM
1. Update groovy to 2.4.4
In doing so it ensures that CVE-2015-3253 is not passed on to applications
pulling in spark-hive via POM dependencies.
## How was this patch tested?
Full tests ongoing; basic build & hive tests seemed happy. This only works
with a local build of `org.spark-project.hive` of 1.2.1.1.spark with the
modified groovy dependency; Jenkins will fail to build until the artifact is
actually published (see https://github.com/pwendell/hive/pull/1).
An audit of the Maven dependencies shows that the later groovy version is picked up:
```
[INFO] +- org.spark-project.hive:hive-exec:jar:1.2.1.1.spark:compile
[INFO] | +- (com.twitter:parquet-hadoop-bundle:jar:1.6.0:compile - omitted for duplicate)
[INFO] | +- commons-io:commons-io:jar:2.4:compile
[INFO] | +- (org.apache.commons:commons-lang3:jar:3.3.2:compile - version managed from 3.1; omitted for duplicate)
[INFO] | +- (commons-lang:commons-lang:jar:2.6:compile - version managed from 2.4; omitted for duplicate)
[INFO] | +- javolution:javolution:jar:5.5.1:compile
[INFO] | +- log4j:apache-log4j-extras:jar:1.2.17:compile
[INFO] | +- org.antlr:antlr-runtime:jar:3.4:compile
[INFO] | | +- org.antlr:stringtemplate:jar:3.2.1:compile
[INFO] | | | \- (antlr:antlr:jar:2.7.7:compile - omitted for duplicate)
[INFO] | | \- antlr:antlr:jar:2.7.7:compile
[INFO] | +- org.antlr:ST4:jar:4.0.4:compile
[INFO] | | \- (org.antlr:antlr-runtime:jar:3.3:compile - omitted for conflict with 3.4)
[INFO] | +- (org.apache.avro:avro:jar:1.7.7:compile - version managed from 1.7.5; omitted for duplicate)
[INFO] | +- org.apache.commons:commons-compress:jar:1.4.1:compile
[INFO] | | \- org.tukaani:xz:jar:1.0:compile
[INFO] | +- (org.apache.ivy:ivy:jar:2.4.0:compile - omitted for duplicate)
[INFO] | +- org.codehaus.groovy:groovy-all:jar:2.4.4:compile
[INFO] | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] | +- (org.jodd:jodd-core:jar:3.5.2:compile - omitted for duplicate)
[INFO] | +- (org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile - version managed from 1.9.2; omitted for duplicate)
[INFO] | +- (org.datanucleus:datanucleus-core:jar:3.2.10:compile - omitted for duplicate)
[INFO] | +- (org.apache.calcite:calcite-avatica:jar:1.2.0-incubating:compile - omitted for duplicate)
[INFO] | +- com.google.guava:guava:jar:14.0.1:provided
[INFO] | +- com.googlecode.javaewah:JavaEWAH:jar:0.3.2:compile
[INFO] | +- org.iq80.snappy:snappy:jar:0.2:compile
[INFO] | +- org.json:json:jar:20090211:compile
[INFO] | +- stax:stax-api:jar:1.0.1:compile
[INFO] | +- net.sf.opencsv:opencsv:jar:2.3:compile
[INFO] | \- (jline:jline:jar:2.12:compile - omitted for duplicate)
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/steveloughran/spark fixes/SPARK-13471-groovy-on-branch-1.6
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/spark/pull/11346.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #11346
----
commit efc74b12fab9f586139af913161ac09b802de389
Author: Steve Loughran <[email protected]>
Date: 2016-02-24T14:03:32Z
[SPARK-13471]: update hive version to 1.2.1.1.spark
----
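The dependency audit quoted in the pull request can be automated. The following is an added example, not code from the pull request or from Spark: it scans `mvn dependency:tree -Dverbose` output for `org.codehaus.groovy` artifacts and reports any that are actually resolved below 2.4.4, the version this PR moves to. The names `audit_groovy`, `MIN_GROOVY` and `SAMPLE_TREE` are assumptions, and the input is expected one dependency per line (not re-wrapped by a mail client).

```python
import re

# Minimum acceptable groovy version: the one the PR text says it updates to.
MIN_GROOVY = (2, 4, 4)

# Constructed sample in `mvn dependency:tree -Dverbose` format. The first line
# matches the audit in the PR; the second is made up to show an omitted entry.
SAMPLE_TREE = """\
[INFO] | +- org.codehaus.groovy:groovy-all:jar:2.4.4:compile
[INFO] | +- (org.codehaus.groovy:groovy-all:jar:2.1.6:compile - omitted for conflict with 2.4.4)
[INFO] | +- commons-io:commons-io:jar:2.4:compile
"""

# group:artifact:type[:classifier]:version:scope, restricted to the groovy group
COORD = re.compile(
    r"org\.codehaus\.groovy:([\w.-]+):[\w-]+(?::[\w.-]+)?:(\d[\w.-]*):(\w+)"
)


def parse_version(text):
    """Turn '2.4.4' or '2.5.0-beta-1' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_groovy(tree_text, minimum=MIN_GROOVY):
    """Return one (artifact, version, resolved, ok) tuple per groovy entry.

    resolved is False for entries Maven printed as '(... - omitted for ...)',
    which are not on the classpath. ok is False only for a resolved entry
    whose version is below the minimum.
    """
    results = []
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        artifact, version = match.group(1), match.group(2)
        resolved = "omitted for" not in line
        ok = (not resolved) or parse_version(version) >= minimum
        results.append((artifact, version, resolved, ok))
    return results


if __name__ == "__main__":
    for artifact, version, resolved, ok in audit_groovy(SAMPLE_TREE):
        state = "resolved" if resolved else "omitted"
        print(f"{artifact} {version} ({state}): {'OK' if ok else 'BELOW MINIMUM'}")
```
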