  1. Spark
  2. SPARK-34752

Upgrade Jetty to 9.4.37 to fix CVE-2020-27223


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2, 3.2.0
    • Component/s: Spark Core
    • Labels:
      None

      Description

      Another day, another Jetty CVE. Our internal build tools are complaining about Spark's dependency on Jetty 9.4.36 and I found it is because there is another Jetty CVE on the version we recently upgraded to in SPARK-34449. Time for another upgrade to 9.4.37.

      Find more at:
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
      https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523


            People

            • Assignee: Erik Krogen (xkrogen)
            • Reporter: Erik Krogen (xkrogen)
            • Votes: 0
            • Watchers: 3
