[ https://issues.apache.org/jira/browse/SPARK-35870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17393277#comment-17393277 ]
Kousuke Saruta commented on SPARK-35870: ---------------------------------------- Hi [~this]. v2.4.8 is the last release of brnch-2.4 (See https://spark.apache.org/versioning-policy.html). So, we can't upgrade Jetty for branch-2.4. > Upgrade Jetty to 9.4.42 > ----------------------- > > Key: SPARK-35870 > URL: https://issues.apache.org/jira/browse/SPARK-35870 > Project: Spark > Issue Type: Bug > Components: Build > Affects Versions: 3.2.0 > Reporter: Kousuke Saruta > Assignee: Kousuke Saruta > Priority: Minor > Fix For: 3.2.0 > > > Recently, CVE-2021-28169 was reported and 9.4.40 which Spark uses in the > current master affects. > https://nvd.nist.gov/vuln/detail/CVE-2021-28169. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org