Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223
Upgrade Jetty version from `9.4.36.v20210114` to `9.4.37.v20210219`. Current Jetty version is vulnerable to [CVE-2020-27223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223), see [Veracode](https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523) for more details. No, minor Jetty version change. Release notes can be found [here](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.37.v20210219). Will let GitHub run the unit tests. Closes #31846 from xkrogen/xkrogen-SPARK-34752-jetty-upgrade-cve. Authored-by: Erik Krogen <xkrogen@apache.org> Signed-off-by: HyukjinKwon <gurwls223@apache.org> (cherry picked from commit 4a6f534) Signed-off-by: HyukjinKwon <gurwls223@apache.org>
- Loading branch information