Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SPARK-30318] [Core] Upgrade jetty to 9.3.27.v20190418 #26967

Closed
wants to merge 1 commit into from
Closed

[SPARK-30318] [Core] Upgrade jetty to 9.3.27.v20190418 #26967

wants to merge 1 commit into from

Conversation

sandeep-katta
Copy link
Contributor

@sandeep-katta sandeep-katta commented Dec 20, 2019
edited
Loading

What changes were proposed in this pull request?

Upgrade jetty to 9.3.27.v20190418 to fix below CVE

https://nvd.nist.gov/vuln/detail/CVE-2019-10247
https://nvd.nist.gov/vuln/detail/CVE-2019-10241

tag: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.3.27.v20190418

Why are the changes needed?

To fix CVE-2019-10247 and CVE-2019-10241

Does this PR introduce any user-facing change?

No

How was this patch tested?

Existing Test

@sandeep-katta sandeep-katta changed the base branch from master to branch-2.4 December 20, 2019 13:39
@sandeep-katta
Copy link
Contributor Author

@wangyum @HyukjinKwon

@SparkQA
Copy link

SparkQA commented Dec 20, 2019

Test build #4969 has finished for PR 26967 at commit 7256920.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

srowen pushed a commit that referenced this pull request Dec 21, 2019
@sandeep-katta @srowen
[SPARK-30318][CORE] Upgrade jetty to 9.3.27.v20190418
d10e414 
### What changes were proposed in this pull request?

Upgrade jetty to 9.3.27.v20190418 to fix below CVE

https://nvd.nist.gov/vuln/detail/CVE-2019-10247
https://nvd.nist.gov/vuln/detail/CVE-2019-10241

tag: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.3.27.v20190418

### Why are the changes needed?
To fix  CVE-2019-10247 and CVE-2019-10241

### Does this PR introduce any user-facing change?
No

### How was this patch tested?
Existing Test

Closes #26967 from sandeep-katta/jettyUpgrade.

Authored-by: sandeep katta <sandeep.katta2007@gmail.com>
Signed-off-by: Sean Owen <srowen@gmail.com>
@srowen
Copy link
Member

srowen commented Dec 21, 2019

Merged to 2.4

@srowen srowen closed this Dec 21, 2019
dongjoon-hyun
dongjoon-hyun reviewed Dec 21, 2019
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, late LGTM. Thank you, @sandeep-katta and @srowen .

@joshrosen-stripe joshrosen-stripe mentioned this pull request Jan 6, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dongjoon-hyun dongjoon-hyun dongjoon-hyun left review comments

Assignees
No one assigned
Labels
BUILD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sandeep-katta @SparkQA @srowen @dongjoon-hyun