This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new bb93547  [SPARK-35326][BUILD] Upgrade Jersey to 2.34
bb93547 is described below

commit bb93547cdf0791c38dffaf2ca28bf04b85680100
Author: Kousuke Saruta <saru...@oss.nttdata.com>
AuthorDate: Thu May 6 08:36:32 2021 -0700

    [SPARK-35326][BUILD] Upgrade Jersey to 2.34
    
    ### What changes were proposed in this pull request?
    
    This PR upgrades Jersey to 2.34.
    
    ### Why are the changes needed?
    
    CVE-2021-28168, a local information disclosure vulnerability, is reported (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28168).
    Spark 3.1.1, 3.0.2 and 3.2.0 use an affected version 2.30.
    
    ### Does this PR introduce _any_ user-facing change?
    
    It's not clear how much the impact is but Spark uses an affected version of Jersey so I think it's better to upgrade it just in case.
    
    ### How was this patch tested?
    
    CI.
    
    Closes #32453 from sarutak/upgrade-jersey.
    
    Authored-by: Kousuke Saruta <saru...@oss.nttdata.com>
    Signed-off-by: Dongjoon Hyun <dh...@apple.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 827b405..f8ab52b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -185,7 +185,7 @@
     <datanucleus-core.version>4.1.17</datanucleus-core.version>
     <guava.version>14.0.1</guava.version>
     <janino.version>3.0.16</janino.version>
-    <jersey.version>2.30</jersey.version>
+    <jersey.version>2.34</jersey.version>
     <joda.version>2.10.5</joda.version>
     <jodd.version>3.5.2</jodd.version>
     <jsr305.version>3.0.0</jsr305.version>
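
Review bot: the `<jersey.version>` change from 2.30 to 2.34 lands on master only, while the commit message lists Spark 3.1.1 and 3.0.2 as also using the affected 2.30, so the maintained release branches need the same bump or an explicit decision not to backport. The diffstat shows pom.xml as the only file touched and the testing section says only "CI", so it is worth confirming before merge that the resolved dependency tree no longer contains any 2.30 Jersey artifact (for example one pinned outside this property) and that nothing else in the repository records the Jersey version. A jump of four minor releases can also shift Jersey's own transitive dependencies, so a one-line note in the PR on what else changed in the resolved tree would help reviewers.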
