ODIn/spark-instrumented-optimizer
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[SPARK-35326][BUILD] Upgrade Jersey to 2.34

Browse source 
### What changes were proposed in this pull request?

This PR upgrades Jersey to 2.34.

### Why are the changes needed?

CVE-2021-28168, a local information disclosure vulnerability, is reported (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28168).
Spark 3.1.1, 3.0.2 and 3.2.0 use an affected version 2.30.

### Does this PR introduce _any_ user-facing change?

It's not clear how much the impact is but Spark uses an affected version of Jersey so I think it's better to upgrade it just in case.

### How was this patch tested?

CI.

Closes #32453 from sarutak/upgrade-jersey.

Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
This commit is contained in:
Kousuke Saruta 2021-05-06 08:36:32 -07:00 committed by Dongjoon Hyun
parent dfb3343423
commit bb93547cdf
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pom.xml
View file

@ -185,7 +185,7 @@
<datanucleus-core.version>4.1.17</datanucleus-core.version> <datanucleus-core.version>4.1.17</datanucleus-core.version>
<guava.version>14.0.1</guava.version> <guava.version>14.0.1</guava.version>
<janino.version>3.0.16</janino.version> <janino.version>3.0.16</janino.version>
<jersey.version>2.30</jersey.version> <jersey.version>2.34</jersey.version>
<joda.version>2.10.5</joda.version> <joda.version>2.10.5</joda.version>
<jodd.version>3.5.2</jodd.version> <jodd.version>3.5.2</jodd.version>
<jsr305.version>3.0.0</jsr305.version> <jsr305.version>3.0.0</jsr305.version>