From 2283e7dd7dfb426403964e84477baa435aae92b9 Mon Sep 17 00:00:00 2001 From: Erik Krogen Date: Tue, 16 Mar 2021 12:07:12 +0900 Subject: [PATCH] [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223 Upgrade Jetty version from `9.4.36.v20210114` to `9.4.37.v20210219`. Current Jetty version is vulnerable to [CVE-2020-27223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223), see [Veracode](https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523) for more details. No, minor Jetty version change. Release notes can be found [here](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.37.v20210219). Will let GitHub run the unit tests. Closes #31846 from xkrogen/xkrogen-SPARK-34752-jetty-upgrade-cve. Authored-by: Erik Krogen Signed-off-by: HyukjinKwon (cherry picked from commit 4a6f5340ae4ff680da57b8c3410cd0d9b6c7f933) Signed-off-by: HyukjinKwon --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3405d7d56791d..6f2dfd14e7f45 100644 --- a/pom.xml +++ b/pom.xml @@ -137,7 +137,7 @@ 10.12.1.1 1.10.1 1.5.12 - 9.4.36.v20210114 + 9.4.37.v20210219 4.0.3 0.9.5 2.4.0
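Review bot: The single replaced line in the `@@ -137,7 +137,7 @@` hunk of pom.xml (`9.4.36.v20210114` to `9.4.37.v20210219`) changes only the version value declared in the root pom, and the diffstat shows no other file touched, so nothing in the patch confirms that every Jetty artifact on the resolved classpath actually lands on 9.4.37. A transitive dependency that pins its own Jetty version would keep the older, CVE-2020-27223-affected jars in the build. Before merging, run `mvn dependency:tree -Dincludes=org.eclipse.jetty` on the modules that ship Jetty and note the result in the commit message. The only verification the description offers is "Will let GitHub run the unit tests", which checks for regressions but not that the vulnerable version is gone. Since this is a cherry-pick, it would also help to state in the message which branch it targets, so the fix can be tracked per release line.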