Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-34752

Upgrade Jetty to 9.4.37 to fix CVE-2020-27223

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.1.1
    • 3.1.2, 3.2.0
    • Spark Core
    • None

    Description

      Another day, another Jetty CVE   Our internal build tools are complaining about Spark's dependency on Jetty 9.4.36 and I found it is because there is another Jetty CVE on the version we recently upgraded to in SPARK-34449. Time for another upgrade to 9.4.37.

       

      Find more at:
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
      https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523

      Attachments

        Activity

          People

            xkrogen Erik Krogen
            xkrogen Erik Krogen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: