This is an automated email from the ASF dual-hosted git repository. srowen pushed a commit to branch branch-3.0 in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/branch-3.0 by this push: new bd972fe [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165 bd972fe is described below commit bd972fed00d5e5413f008b8168aeb381da91938b Author: Kousuke Saruta <saru...@oss.nttdata.com> AuthorDate: Thu Apr 8 10:41:43 2021 -0500 [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165 ### What changes were proposed in this pull request? This PR backports #32091. This PR upgrades the version of Jetty to 9.4.39. ### Why are the changes needed? CVE-2021-28165 affects the version of Jetty that Spark uses and it seems to be a little bit serious. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Existing tests. Closes #32094 from sarutak/SPARK-34988-branch-3.0. Authored-by: Kousuke Saruta <saru...@oss.nttdata.com> Signed-off-by: Sean Owen <sro...@gmail.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1a42165..e501a2b 100644 --- a/pom.xml +++ b/pom.xml @@ -140,7 +140,7 @@ <orc.classifier></orc.classifier> <hive.parquet.group>com.twitter</hive.parquet.group> <hive.parquet.version>1.6.0</hive.parquet.version> - <jetty.version>9.4.36.v20210114</jetty.version> + <jetty.version>9.4.39.v20210325</jetty.version> <javaxservlet.version>3.1.0</javaxservlet.version> <chill.version>0.9.5</chill.version> <ivy.version>2.4.0</ivy.version> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org