[SPARK-11652][CORE] Remote code execution with InvokerTransformer

Update to Commons Collections 3.2.2 to avoid any potential remote code execution vulnerability Author: Sean Owen <sowen@cloudera.com> Closes #9731 from srowen/SPARK-11652.
2015-11-18 08:59:20 +00:00 · 2015-11-18 08:59:20 +00:00 · 9631ca3527
parent e62820c85f
commit 9631ca3527
1 changed files with 7 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -162,6 +162,8 @@
    <!--  commons-httpclient/commons-httpclient-->
    <httpclient.classic.version>3.1</httpclient.classic.version>
    <commons.math3.version>3.4.1</commons.math3.version>
+    <!-- managed up from 3.2.1 for SPARK-11652 -->
+    <commons.collections.version>3.2.2</commons.collections.version>
    <scala.version>2.10.5</scala.version>
    <scala.binary.version>2.10</scala.binary.version>
    <jline.version>${scala.version}</jline.version>
@ -475,6 +477,11 @@
        <artifactId>commons-math3</artifactId>
        <version>${commons.math3.version}</version>
      </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-collections</artifactId>
+        <version>${commons.collections.version}</version>
+      </dependency>
      <dependency>
        <groupId>org.apache.ivy</groupId>
        <artifactId>ivy</artifactId>