[SPARK-27469] Update Commons BeanUtils to 1.9.3 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.4.1, 3.0.0
Fix Version/s: 2.4.3, 3.0.0
Component/s: Spark Core
Labels:
None

Description

Right now, Spark inherits two incosistent versions of Commons BeanUtils via Hadoop: commons-beanutils 1.7.0 and commons-beanutils-core 1.8.0. Version 1.9.3 is the latest, and resolves bugs and a deserialization vulnerability that was otherwise resolved here in CVE-2017-12612. It'd be nice to both fix the inconsistency and get the latest to further ensure that there isn't any latent vulnerability here.

Attachments

Issue Links

links to

GitHub Pull Request #24378

GitHub Pull Request #24433

Activity

People

Assignee:: Sean R. Owen

Reporter:: Sean R. Owen

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Apr/19 18:38

Updated:: 27/Apr/19 18:04

Resolved:: 16/Apr/19 14:22