[SPARK-18586][BUILD] netty-3.8.0.Final.jar has vulnerability CVE-2014-3488 and CVE-2014-0193

## What changes were proposed in this pull request? Force update to latest Netty 3.9.x, for dependencies like Flume, to resolve two CVEs. 3.9.2 is the first version that resolves both, and, this is the latest in the 3.9.x line. ## How was this patch tested? Existing tests Author: Sean Owen <sowen@cloudera.com> Closes #16102 from srowen/SPARK-18586.
author: Sean Owen <sowen@cloudera.com> 2016-12-03 09:53:47 +0000
committer: Sean Owen <sowen@cloudera.com> 2016-12-03 09:53:47 +0000
commit: 553aac56bd5284e84391c05e2ef54d8bd7ad3a12 (patch)
tree: fd1c9e8c47b0f4769746b0e28e4c9b4cc6229a04 /dev/deps/spark-deps-hadoop-2.7
parent: 7c33b0fd050f3d2b08c1cfd7efbff8166832c1af (diff)
download: spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.tar.gz
spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.tar.bz2
spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7
index b129e5a99e..77fb5370d9 100644
--- a/dev/deps/spark-deps-hadoop-2.7
+++ b/dev/deps/spark-deps-hadoop-2.7
@@ -138,7 +138,7 @@ metrics-json-3.1.2.jar
 metrics-jvm-3.1.2.jar
 minlog-1.3.0.jar
 mx4j-3.0.2.jar
-netty-3.8.0.Final.jar
+netty-3.9.9.Final.jar
 netty-all-4.0.42.Final.jar
 objenesis-2.1.jar
 opencsv-2.3.jar
author	Sean Owen <sowen@cloudera.com>	2016-12-03 09:53:47 +0000
committer	Sean Owen <sowen@cloudera.com>	2016-12-03 09:53:47 +0000
commit	553aac56bd5284e84391c05e2ef54d8bd7ad3a12 (patch)
tree	fd1c9e8c47b0f4769746b0e28e4c9b4cc6229a04 /dev/deps/spark-deps-hadoop-2.7
parent	7c33b0fd050f3d2b08c1cfd7efbff8166832c1af (diff)
download	spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.tar.gz spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.tar.bz2 spark-553aac56bd5284e84391c05e2ef54d8bd7ad3a12.zip