GitHub user ash211 opened a pull request:
https://github.com/apache/spark/pull/18789

Bump jackson from 2.6.5 to 2.6.7.1 (#241)

This brings in a security fix for CVE-2017-7525 in the jackson-databind
library, which Spark uses.

When releasing this patch, upstream released a 2.6.7.1 for jackson-databind
but not a corresponding 2.6.7.1 for the rest of jackson, so those only go up to
2.6.7.

This requires splitting the version variable in /pom.xml.

You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ash211/spark SPARK-20433
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/spark/pull/18789.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #18789
----
commit 35e69bd0066d5c8a978f71fde369bf103c8e9a5a
Author: Andrew Ash <[email protected]>
Date: 2017-07-27T03:58:41Z
Bump jackson from 2.6.5 to 2.6.7.1 (#241)
Would use 2.6.7 everywhere but upstream released a 2.6.7.1 for
jackson-databind but not a corresponding 2.6.7 for the rest of jackson, so
those remain on 2.6.7
This requires splitting the version variable in /pom.xml
----
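
Added example (not part of the pull request or of Spark's build): a check that expands `${property}` references in a pom and confirms jackson-databind resolves to at least 2.6.7.1 once the version variable is split. The pom text and its property names (`jackson.version`, `jackson.databind.version`) are constructed for illustration and are assumptions, not Spark's actual properties.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
FIXED_DATABIND = "2.6.7.1"  # version the PR says carries the CVE-2017-7525 fix

# Constructed sample pom; the property names are assumptions, not Spark's.
SPLIT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <jackson.version>2.6.7</jackson.version>
    <jackson.databind.version>2.6.7.1</jackson.databind.version>
  </properties>
  <dependencies>
    <dependency><artifactId>jackson-core</artifactId>
      <version>${jackson.version}</version></dependency>
    <dependency><artifactId>jackson-databind</artifactId>
      <version>${jackson.databind.version}</version></dependency>
  </dependencies>
</project>"""
# Same pom before the split: one shared variable, so databind stays on 2.6.7.
SHARED_POM = SPLIT_POM.replace("${jackson.databind.version}", "${jackson.version}")

def vkey(version):
    """Numeric tuple, so 2.6.7.1 sorts above 2.6.7 and 2.6.10 above 2.6.7."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def resolved_versions(pom_text):
    """Map artifactId -> version with ${property} references expanded."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    out = {}
    for dep in root.iterfind(".//m:dependency", NS):
        raw = dep.findtext("m:version", default="", namespaces=NS).strip()
        out[dep.findtext("m:artifactId", namespaces=NS)] = re.sub(
            r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
    return out

def databind_is_patched(pom_text):
    """True if jackson-databind resolves to >= 2.6.7.1; only the 2.6.x line is judged."""
    key = vkey(resolved_versions(pom_text).get("jackson-databind", ""))
    if key[:2] != (2, 6):
        raise ValueError("not a resolvable 2.6.x version; this check does not cover it")
    return key >= vkey(FIXED_DATABIND)
```

A real build also inherits versions from parent poms and transitive dependencies, so the resolved dependency tree should be checked as well as the pom text.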