[SPARK-34752] Upgrade Jetty to 9.4.37 to fix CVE-2020-27223 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.1
Fix Version/s: 3.1.2, 3.2.0
Component/s: Spark Core
Labels:
None

Description

Another day, another Jetty CVE Our internal build tools are complaining about Spark's dependency on Jetty 9.4.36 and I found it is because there is another Jetty CVE on the version we recently upgraded to in ~~SPARK-34449~~. Time for another upgrade to 9.4.37.

Find more at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523

Attachments

Issue Links

links to

[Github] Pull Request #31846 (xkrogen)

Activity

People

Assignee:: Erik Krogen

Reporter:: Erik Krogen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Mar/21 21:31

Updated:: 12/Dec/22 18:10

Resolved:: 16/Mar/21 03:09