Spark / SPARK-27469

Update Commons BeanUtils to 1.9.3


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.4.1, 3.0.0
    • Fix Version/s: 2.4.3, 3.0.0
    • Component/s: Spark Core
    • Labels:
      None

      Description

      Right now, Spark inherits two inconsistent versions of Commons BeanUtils via Hadoop: commons-beanutils 1.7.0 and commons-beanutils-core 1.8.0. Version 1.9.3 is the latest, and resolves bugs and a deserialization vulnerability that was otherwise resolved here in CVE-2017-12612. It'd be nice to both fix the inconsistency and get the latest to further ensure that there isn't any latent vulnerability here.

            People

            • Assignee:
              srowen Sean R. Owen
              Reporter:
              srowen Sean R. Owen
