[SPARK-28713] Bump checkstyle from 8.14 to 8.23 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.3
Fix Version/s: 2.4.4, 3.0.0
Component/s: Spark Core
Labels:
None

Description

From the GitHub Security Advisory Database:

Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.

Affected versions: < 8.18

Attachments

Issue Links

links to

GitHub Pull Request #25432

GitHub Pull Request #25437

Activity

People

Assignee:: Fokko Driesprong

Reporter:: Fokko Driesprong

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Aug/19 14:56

Updated:: 01/Sep/19 06:29

Resolved:: 13/Aug/19 18:12