Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-34403

Remove dependency to commons-httpclient, is not used and has vulnerabilities.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 3.1.0
    • None
    • Spark Core
    • None

    Description

      <dependency>
      <groupId>commons-httpclient</groupId>
      <artifactId>commons-httpclient</artifactId>
      </dependency>

       

      Has vulnerabilities as below:

       

      CVE-2012-6153

      CVE-2012-5783

       

      Also, after removing it and running `spark/sql/hive$mvn compile test` the result is SUCCESS

       

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. SPARK-35429 Remove commons-httpclient due to EOL and CVEs

          • Major - Major loss of function.
          • Closed
          links to

          Pull request #31528 [Github] Pull Request #31528 (ssainz)

          Pull request #31528 [Github] Pull Request #31528 (ssainz)

          Activity

            People

              Unassigned Unassigned
              sergiosp Sergio Sainz
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: