[ https://issues.apache.org/jira/browse/SPARK-34752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erik Krogen updated SPARK-34752:
--------------------------------
    Summary: Upgrade Jetty to 9.4.37 to fix CVE-2020-27223  (was: Upgrade Jetty to 9.3.37 to fix CVE-2020-27223)

> Upgrade Jetty to 9.4.37 to fix CVE-2020-27223
> ---------------------------------------------
>
>                 Key: SPARK-34752
>                 URL: https://issues.apache.org/jira/browse/SPARK-34752
>             Project: Spark
>          Issue Type: Improvement
>          Components: Spark Core
>    Affects Versions: 3.1.1
>            Reporter: Erik Krogen
>            Priority: Major
>
> Another day, another Jetty CVE :) Our internal build tools are complaining
> about Spark's dependency on Jetty 9.3.36 and I found it is because there is
> another Jetty CVE on the version we recently upgraded to in SPARK-34449. Time
> for another upgrade to 9.3.37.
>
> Find more at:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
> https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523