Skip to content

[SPARK-30318] [Core] Upgrade jetty to 9.3.27.v20190418 #26967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[SPARK-30318] [Core] Upgrade jetty to 9.3.27.v20190418 #26967

wants to merge 1 commit into from

Conversation

@sandeep-katta
Copy link
Contributor

@sandeep-katta sandeep-katta commented Dec 20, 2019
edited
Loading

What changes were proposed in this pull request?

Upgrade jetty to 9.3.27.v20190418 to fix below CVE

https://nvd.nist.gov/vuln/detail/CVE-2019-10247
https://nvd.nist.gov/vuln/detail/CVE-2019-10241

tag: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.3.27.v20190418

Why are the changes needed?

To fix CVE-2019-10247 and CVE-2019-10241

Does this PR introduce any user-facing change?

No

How was this patch tested?

Existing Test

@sandeep-katta sandeep-katta changed the base branch from master to branch-2.4 December 20, 2019 13:39
@sandeep-katta
Copy link
Contributor Author

sandeep-katta commented Dec 20, 2019

@wangyum @HyukjinKwon

@SparkQA
Copy link

SparkQA commented Dec 20, 2019

Test build #4969 has finished for PR 26967 at commit 7256920.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

srowen pushed a commit that referenced this pull request Dec 21, 2019
@sandeep-katta @srowen
[SPARK-30318][CORE] Upgrade jetty to 9.3.27.v20190418
d10e414 
### What changes were proposed in this pull request?

Upgrade jetty to 9.3.27.v20190418 to fix below CVE

https://nvd.nist.gov/vuln/detail/CVE-2019-10247
https://nvd.nist.gov/vuln/detail/CVE-2019-10241

tag: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.3.27.v20190418

### Why are the changes needed?
To fix  CVE-2019-10247 and CVE-2019-10241

### Does this PR introduce any user-facing change?
No

### How was this patch tested?
Existing Test

Closes #26967 from sandeep-katta/jettyUpgrade.

Authored-by: sandeep katta <[email protected]>
Signed-off-by: Sean Owen <[email protected]>
@srowen
Copy link
Member

srowen commented Dec 21, 2019

Merged to 2.4

@srowen srowen closed this Dec 21, 2019
dongjoon-hyun
dongjoon-hyun reviewed Dec 21, 2019
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, late LGTM. Thank you, @sandeep-katta and @srowen .

@joshrosen-stripe joshrosen-stripe mentioned this pull request Jan 6, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dongjoon-hyun dongjoon-hyun dongjoon-hyun left review comments

Assignees

No one assigned

Labels

BUILD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sandeep-katta @SparkQA @srowen @dongjoon-hyun