This is an automated email from the ASF dual-hosted git repository. sarutak pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new 7b78d56 [SPARK-35870][BUILD] Upgrade Jetty to 9.4.42 7b78d56 is described below commit 7b78d56f34a30148374c68141a3adb3a0c432a1b Author: Kousuke Saruta <saru...@oss.nttdata.com> AuthorDate: Fri Jun 25 03:32:32 2021 +0900 [SPARK-35870][BUILD] Upgrade Jetty to 9.4.42 ### What changes were proposed in this pull request? This PR upgrades Jetty to `9.4.42`. In the current master, `9.4.40` is used. `9.4.41` and `9.4.42` include the following updates. https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.41.v20210516 https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.42.v20210604 ### Why are the changes needed? Mainly for CVE-2021-28169. https://nvd.nist.gov/vuln/detail/CVE-2021-28169 This CVE might little affect Spark, but just in case. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? CI. Closes #33053 from sarutak/upgrade-jetty-9.4.42. Authored-by: Kousuke Saruta <saru...@oss.nttdata.com> Signed-off-by: Kousuke Saruta <saru...@oss.nttdata.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a53aae3..16fe9e6 100644 --- a/pom.xml +++ b/pom.xml @@ -138,7 +138,7 @@ <derby.version>10.14.2.0</derby.version> <parquet.version>1.12.0</parquet.version> <orc.version>1.6.8</orc.version> - <jetty.version>9.4.40.v20210413</jetty.version> + <jetty.version>9.4.42.v20210604</jetty.version> <jakartaservlet.version>4.0.3</jakartaservlet.version> <chill.version>0.9.5</chill.version> <ivy.version>2.4.0</ivy.version> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org