diff options
| author | Sean Owen <sowen@cloudera.com> | 2016-12-03 09:53:47 +0000 |
|---|---|---|
| committer | Sean Owen <sowen@cloudera.com> | 2016-12-03 09:53:47 +0000 |
| commit | 553aac56bd5284e84391c05e2ef54d8bd7ad3a12 (patch) | |
| tree | fd1c9e8c47b0f4769746b0e28e4c9b4cc6229a04 | |
| parent | 7c33b0fd050f3d2b08c1cfd7efbff8166832c1af (diff) | |
| download | spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.tar.gz spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.tar.bz2 spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.zip | |
[SPARK-18586][BUILD] netty-3.8.0.Final.jar has vulnerability CVE-2014-3488 and CVE-2014-0193
## What changes were proposed in this pull request?
Force update to latest Netty 3.9.x, for dependencies like Flume, to resolve two CVEs. 3.9.2 is the first version that resolves both, and, this is the latest in the 3.9.x line.
## How was this patch tested?
Existing tests
Author: Sean Owen <sowen@cloudera.com>
Closes #16102 from srowen/SPARK-18586.
| -rw-r--r-- | dev/deps/spark-deps-hadoop-2.2 | 2 | ||||
| -rw-r--r-- | dev/deps/spark-deps-hadoop-2.3 | 2 | ||||
| -rw-r--r-- | dev/deps/spark-deps-hadoop-2.4 | 2 | ||||
| -rw-r--r-- | dev/deps/spark-deps-hadoop-2.6 | 2 | ||||
| -rw-r--r-- | dev/deps/spark-deps-hadoop-2.7 | 2 | ||||
| -rw-r--r-- | pom.xml | 2 |
6 files changed, 6 insertions, 6 deletions
diff --git a/dev/deps/spark-deps-hadoop-2.2 b/dev/deps/spark-deps-hadoop-2.2 index 89bfcef4d9..afbdae0554 100644 --- a/dev/deps/spark-deps-hadoop-2.2 +++ b/dev/deps/spark-deps-hadoop-2.2 @@ -122,7 +122,7 @@ metrics-graphite-3.1.2.jar metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar diff --git a/dev/deps/spark-deps-hadoop-2.3 b/dev/deps/spark-deps-hadoop-2.3 index 8df3858825..adf3863f67 100644 --- a/dev/deps/spark-deps-hadoop-2.3 +++ b/dev/deps/spark-deps-hadoop-2.3 @@ -129,7 +129,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar diff --git a/dev/deps/spark-deps-hadoop-2.4 b/dev/deps/spark-deps-hadoop-2.4 index 71e7fb6dd2..88e6b3fca0 100644 --- a/dev/deps/spark-deps-hadoop-2.4 +++ b/dev/deps/spark-deps-hadoop-2.4 @@ -129,7 +129,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar diff --git a/dev/deps/spark-deps-hadoop-2.6 b/dev/deps/spark-deps-hadoop-2.6 index ba31391495..15c5d9f205 100644 --- a/dev/deps/spark-deps-hadoop-2.6 +++ b/dev/deps/spark-deps-hadoop-2.6 @@ -137,7 +137,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7 index b129e5a99e..77fb5370d9 100644 --- a/dev/deps/spark-deps-hadoop-2.7 +++ b/dev/deps/spark-deps-hadoop-2.7 @@ -138,7 +138,7 @@ metrics-json-3.1.2.jar metrics-jvm-3.1.2.jar minlog-1.3.0.jar mx4j-3.0.2.jar -netty-3.8.0.Final.jar +netty-3.9.9.Final.jar netty-all-4.0.42.Final.jar objenesis-2.1.jar opencsv-2.3.jar @@ -557,7 +557,7 @@ <dependency> <groupId>io.netty</groupId> <artifactId>netty</artifactId> - <version>3.8.0.Final</version> + <version>3.9.9.Final</version> </dependency> <dependency> <groupId>org.apache.derby</groupId> |