[ https://issues.apache.org/jira/browse/SPARK-39725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610741#comment-17610741 ]
phoebe chen edited comment on SPARK-39725 at 9/28/22 10:13 PM: --------------------------------------------------------------- [~bjornjorgensen] [~hyukjin.kwon] Thanks for the quick fix. In the PR, the jetty.version is changed to 9.4.48.v20220622, just want to double confirm that all the jetty dependencies in Spark will be upgraded to this version, including jetty-io, right? was (Author: JIRAUSER283955): [~bjornjorgensen][~hyukjin.kwon] Thanks for the quick fix. In the PR, the jetty.version is changed to 9.4.48.v20220622, just want to double confirm that all the jetty dependencies in Spark will be upgraded to this version, including jetty-io, right? > Upgrade jetty-http from 9.4.46.v20220331 to 9.4.48.v20220622 > ------------------------------------------------------------ > > Key: SPARK-39725 > URL: https://issues.apache.org/jira/browse/SPARK-39725 > Project: Spark > Issue Type: Bug > Components: Build > Affects Versions: 3.4.0 > Reporter: Bjørn Jørgensen > Assignee: Bjørn Jørgensen > Priority: Major > Fix For: 3.4.0 > > > [Release note |https://github.com/eclipse/jetty.project/releases] > [CVE-2022-2047|https://nvd.nist.gov/vuln/detail/CVE-2022-2047] -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org