Commit 4a6f534

xkrogen authored and HyukjinKwon committed
[SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223
### What changes were proposed in this pull request?

Upgrade Jetty version from `9.4.36.v20210114` to `9.4.37.v20210219`.

### Why are the changes needed?

Current Jetty version is vulnerable to [CVE-2020-27223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223), see [Veracode](https://www.sourceclear.com/vulnerability-database/security/denial-of-servicedos/java/sid-29523) for more details.

### Does this PR introduce _any_ user-facing change?

No, minor Jetty version change. Release notes can be found [here](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.37.v20210219).

### How was this patch tested?

Will let GitHub run the unit tests.

Closes apache#31846 from xkrogen/xkrogen-SPARK-34752-jetty-upgrade-cve.

Authored-by: Erik Krogen <[email protected]>
Signed-off-by: HyukjinKwon <[email protected]>
1 parent bb05dc9 commit 4a6f534

1 file changed: +1 -1 lines changed

pom.xml

Lines changed: 1 addition & 1 deletion
@@ -138,7 +138,7 @@
138138
<derby.version>10.14.2.0</derby.version>
139139
<parquet.version>1.11.1</parquet.version>
140140
<orc.version>1.6.7</orc.version>
141-
<jetty.version>9.4.36.v20210114</jetty.version>
141+
<jetty.version>9.4.37.v20210219</jetty.version>
142142
<jakartaservlet.version>4.0.3</jakartaservlet.version>
143143
<chill.version>0.9.5</chill.version>
144144
<ivy.version>2.4.0</ivy.version>
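
Review bot: On line 141 the bump is made only through the `jetty.version` property, so the fix for CVE-2020-27223 reaches only the Jetty artifacts whose version is resolved from that property. Before merging, check the resolved dependency tree (for example `mvn dependency:tree -Dincludes=org.eclipse.jetty`) to confirm that no module or transitive dependency still pulls in `9.4.36.v20210114`. A short XML comment beside the property naming the CVE would also help a reviewer catch a later revert or downgrade of this line.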
