This is an automated email from the ASF dual-hosted git repository. dongjoon pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
     new bb93547  [SPARK-35326][BUILD] Upgrade Jersey to 2.34
bb93547 is described below

commit bb93547cdf0791c38dffaf2ca28bf04b85680100
Author: Kousuke Saruta <saru...@oss.nttdata.com>
AuthorDate: Thu May 6 08:36:32 2021 -0700

[SPARK-35326][BUILD] Upgrade Jersey to 2.34

### What changes were proposed in this pull request?

This PR upgrades Jersey to 2.34.

### Why are the changes needed?

CVE-2021-28168, a local information disclosure vulnerability, is reported (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28168).
Spark 3.1.1, 3.0.2 and 3.2.0 use an affected version 2.30.

### Does this PR introduce _any_ user-facing change?

It's not clear how much the impact is but Spark uses an affected version of Jersey so I think it's better to upgrade it just in case.

### How was this patch tested?

CI.

Closes #32453 from sarutak/upgrade-jersey.

Authored-by: Kousuke Saruta <saru...@oss.nttdata.com>
Signed-off-by: Dongjoon Hyun <dh...@apple.com>

--- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 827b405..f8ab52b 100644 --- a/pom.xml +++ b/pom.xml @@ -185,7 +185,7 @@ <datanucleus-core.version>4.1.17</datanucleus-core.version> <guava.version>14.0.1</guava.version> <janino.version>3.0.16</janino.version> - <jersey.version>2.30</jersey.version> + <jersey.version>2.34</jersey.version> <joda.version>2.10.5</joda.version> <jodd.version>3.5.2</jodd.version> <jsr305.version>3.0.0</jsr305.version>
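
Review bot: At the `jersey.version` line in the `@@ -185,7 +185,7 @@` hunk, the bump is confined to a single property in pom.xml (the diffstat shows 1 file changed), so nothing in the patch confirms that every Jersey artifact on the classpath now resolves to 2.34. Suggest checking the resolved dependency tree for leftover 2.30 artifacts pulled in transitively, and updating any checked-in dependency list or license file that records the Jersey version, if the repository keeps one. The commit message names 3.1.1 and 3.0.2 as using the affected 2.30 while this push goes only to master, so it should say whether backports to those release branches will follow. The "Does this PR introduce _any_ user-facing change?" section talks about impact rather than answering the question; a plain yes or no would help reviewers, since the version jumps from 2.30 to 2.34 and the only stated testing is CI.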