From 553aac56bd5284e84391c05e2ef54d8bd7ad3a12 Mon Sep 17 00:00:00 2001
From: Sean Owen <sowen@cloudera.com>
Date: Sat, 3 Dec 2016 09:53:47 +0000
Subject: [SPARK-18586][BUILD] netty-3.8.0.Final.jar has vulnerability
 CVE-2014-3488 and CVE-2014-0193

## What changes were proposed in this pull request?

Force update to latest Netty 3.9.x, for dependencies like Flume, to resolve two CVEs. 3.9.2 is the first version that resolves both, and, this is the latest in the 3.9.x line.

## How was this patch tested?

Existing tests

Author: Sean Owen <sowen@cloudera.com>

Closes #16102 from srowen/SPARK-18586.
---
 dev/deps/spark-deps-hadoop-2.7 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'dev/deps/spark-deps-hadoop-2.7')

diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7
index b129e5a99e..77fb5370d9 100644
--- a/dev/deps/spark-deps-hadoop-2.7
+++ b/dev/deps/spark-deps-hadoop-2.7
@@ -138,7 +138,7 @@ metrics-json-3.1.2.jar
 metrics-jvm-3.1.2.jar
 minlog-1.3.0.jar
 mx4j-3.0.2.jar
-netty-3.8.0.Final.jar
+netty-3.9.9.Final.jar
 netty-all-4.0.42.Final.jar
 objenesis-2.1.jar
 opencsv-2.3.jar
-- 
cgit v1.2.3