Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.3.0
    • Component/s: Spark Core
    • Labels:
      None

      Description

      This is derived from https://issues.apache.org/jira/browse/FELIX-5664. Adam Roberts let me know the CVE.

      Spark 2.2 uses jetty 9.3.11.v20160721 that is sensitive to CVE-2017-9735

      We should upgrade jetty to 9.3.20.v20170531 that has released to fix the CVE.

        Attachments

          Activity

            People

            • Assignee:
              kiszk Kazuaki Ishizaki
              Reporter:
              kiszk Kazuaki Ishizaki
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: