Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-163315641
@JoshRosen there's only one group/artifact for Commons Collections <= 3.x;
4.x uses the new group but doesn't have the problem. This should force the
dependency on
Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162823368
@XuTingjun commons-collections? just search Maven Central
Github user XuTingjun commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162828252
ok, please fix it as soon as possible, thanks.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your
Github user XuTingjun commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162814698
@srowen I can't find this jar file, can you give me a download url?
Github user XuTingjun commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162819273
@srowen I only find below commons-collection file:
```
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.2</version>
```
Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162825724
Oh dang it, yes the group is only `org.apache.commons` in version 4. Right
now this does nothing. PR coming ...
Github user XuTingjun commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162824623
I think the groupId should be "commons-collections", not
"org.apache.commons", right?
Github user AmplabJenkins commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162853197
Test FAILed.
Refer to this link for build results (access rights to CI server needed):
Github user AmplabJenkins commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162853196
Merged build finished. Test FAILed.
Github user XuTingjun commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162851296
LGTM, thanks
GitHub user srowen opened a pull request:
https://github.com/apache/spark/pull/10198
[SPARK-11652] [CORE] Remote code execution with InvokerTransformer
Fix commons-collection group ID to commons-collections for version 3.x
Patches earlier PR at
Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-162849867
See https://github.com/apache/spark/pull/10198
Github user SparkQA commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162855530
**[Test build #2180 has
started](https://amplab.cs.berkeley.edu/jenkins/job/NewSparkPullRequestBuilder/2180/consoleFull)**
for PR 10198 at commit
Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162884712
I'm going to merge this shortly as a sort of 'hot fix', though it doesn't
fix anything -- the original PR was an improvement but didn't actually have an
effect.
Github user SparkQA commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162881131
**[Test build #2180 has
finished](https://amplab.cs.berkeley.edu/jenkins/job/NewSparkPullRequestBuilder/2180/consoleFull)**
for PR 10198 at commit
Github user asfgit closed the pull request at:
https://github.com/apache/spark/pull/10198
Github user JoshRosen commented on the pull request:
https://github.com/apache/spark/pull/10198#issuecomment-162960098
Hey, quick Q.: how do we make sure that the bad version of the dependency
(under a different org / artifact ID) doesn't get pulled in transitively and
wind up taking
Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157650392
Merged to master/1.6/1.5/1.4
Github user asfgit closed the pull request at:
https://github.com/apache/spark/pull/9731
Github user srowen commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157500087
I'm going to go ahead and merge this, as it's a bug fix update anyway,
passes, and should make sure there's no exploit of this form. We may not be
alone in getting some
Github user SparkQA commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157079364
**[Test build #2064 has
finished](https://amplab.cs.berkeley.edu/jenkins/job/NewSparkPullRequestBuilder/2064/consoleFull)**
for PR 9731 at commit
Github user SparkQA commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157027215
**[Test build #2064 has
started](https://amplab.cs.berkeley.edu/jenkins/job/NewSparkPullRequestBuilder/2064/consoleFull)**
for PR 9731 at commit
Github user SparkQA commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157004392
**[Test build #45991 has
finished](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/45991/consoleFull)**
for PR 9731 at commit
Github user AmplabJenkins commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157004451
Test FAILed.
Refer to this link for build results (access rights to CI server needed):
Github user AmplabJenkins commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-157004450
Merged build finished. Test FAILed.
Github user SparkQA commented on the pull request:
https://github.com/apache/spark/pull/9731#issuecomment-156975272
**[Test build #45991 has
started](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/45991/consoleFull)**
for PR 9731 at commit
GitHub user srowen opened a pull request:
https://github.com/apache/spark/pull/9731
[SPARK-11652] [CORE] Remote code execution with InvokerTransformer
Update to Commons Collections 3.2.2 to avoid any potential remote code
execution vulnerability