-
Notifications
You must be signed in to change notification settings - Fork 28.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SPARK-35210][BUILD][2.4] Upgrade Jetty to 9.4.40 to fix ERR_CONNECTION_RESET issue #32322
Conversation
cc: @viirya |
Test build #137884 has finished for PR 32322 at commit
|
Kubernetes integration test starting |
Kubernetes integration test status failure |
retest this please |
This comment has been minimized.
This comment has been minimized.
retest this please |
Kubernetes integration test starting |
This comment has been minimized.
This comment has been minimized.
Kubernetes integration test status failure |
Oh, seems we need to update the manifest files. @sarutak Can you update it? Thanks. |
Kubernetes integration test starting |
Kubernetes integration test status failure |
Ya, +1 for @viirya 's comment. |
Ah, I forgot to do it. Thanks. |
Kubernetes integration test starting |
Kubernetes integration test status failure |
Test build #137901 has finished for PR 32322 at commit
|
Thanks. Merging to 2.4. |
…ON_RESET issue ### What changes were proposed in this pull request? This PR backports SPARK-35210 (#32318). This PR proposes to upgrade Jetty to 9.4.40. ### Why are the changes needed? SPARK-34988 (#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165. But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152). This issue seems to affect Jetty 9.4.39 when POST method is used with SSL. For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected. ### Does this PR introduce _any_ user-facing change? No. No released version uses Jetty 9.3.39. ### How was this patch tested? CI. Closes #32322 from sarutak/backport-SPARK-35210. Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com> Signed-off-by: Liang-Chi Hsieh <viirya@gmail.com>
What changes were proposed in this pull request?
This PR backports SPARK-35210 (#32318).
This PR proposes to upgrade Jetty to 9.4.40.
Why are the changes needed?
SPARK-34988 (#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165.
But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152).
This issue seems to affect Jetty 9.4.39 when POST method is used with SSL.
For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected.
Does this PR introduce any user-facing change?
No. No released version uses Jetty 9.3.39.
How was this patch tested?
CI.