[SPARK-35326][BUILD] Upgrade Jersey to 2.34
### What changes were proposed in this pull request? This PR upgrades Jersey to 2.34. ### Why are the changes needed? CVE-2021-28168, a local information disclosure vulnerability, is reported (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28168). Spark 3.1.1, 3.0.2 and 3.2.0 use an affected version 2.30. ### Does this PR introduce _any_ user-facing change? It's not clear how much the impact is but Spark uses an affected version of Jersey so I think it's better to upgrade it just in case. ### How was this patch tested? CI. Closes #32453 from sarutak/upgrade-jersey. Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
This commit is contained in:
parent
dfb3343423
commit
bb93547cdf
2
pom.xml
2
pom.xml
|
@ -185,7 +185,7 @@
|
||||||
<datanucleus-core.version>4.1.17</datanucleus-core.version>
|
<datanucleus-core.version>4.1.17</datanucleus-core.version>
|
||||||
<guava.version>14.0.1</guava.version>
|
<guava.version>14.0.1</guava.version>
|
||||||
<janino.version>3.0.16</janino.version>
|
<janino.version>3.0.16</janino.version>
|
||||||
<jersey.version>2.30</jersey.version>
|
<jersey.version>2.34</jersey.version>
|
||||||
<joda.version>2.10.5</joda.version>
|
<joda.version>2.10.5</joda.version>
|
||||||
<jodd.version>3.5.2</jodd.version>
|
<jodd.version>3.5.2</jodd.version>
|
||||||
<jsr305.version>3.0.0</jsr305.version>
|
<jsr305.version>3.0.0</jsr305.version>
|
||||||
|
|
Loading…
Reference in a new issue