[SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223

Upgrade Jetty version from `9.4.36.v20210114` to `9.4.37.v20210219`. Current Jetty version is vulnerable to [CVE-2020-27223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223), see [Veracode](https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523) for more details. No, minor Jetty version change. Release notes can be found [here](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.37.v20210219). Will let GitHub run the unit tests. Closes #31846 from xkrogen/xkrogen-SPARK-34752-jetty-upgrade-cve. Authored-by: Erik Krogen <xkrogen@apache.org> Signed-off-by: HyukjinKwon <gurwls223@apache.org> (cherry picked from commit 4a6f534) Signed-off-by: HyukjinKwon <gurwls223@apache.org>
apache · Mar 16, 2021 · 2283e7d · 2283e7d
1 parent c28e452
commit 2283e7d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -137,7 +137,7 @@
     <derby.version>10.12.1.1</derby.version>
     <parquet.version>1.10.1</parquet.version>
     <orc.version>1.5.12</orc.version>
-    <jetty.version>9.4.36.v20210114</jetty.version>
+    <jetty.version>9.4.37.v20210219</jetty.version>
     <jakartaservlet.version>4.0.3</jakartaservlet.version>
     <chill.version>0.9.5</chill.version>
     <ivy.version>2.4.0</ivy.version>