spark-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Hellberg <hell...@uk.ibm.com>
Subject Jetty 9.3 CVE to be avoided...
Date Fri, 01 Jul 2016 16:03:20 GMT
To anyone contemplating an upgrade of the Jetty component in use with Apache
Spark, please be aware of  CVE-2016-4800
<http://www.ocert.org/advisories/ocert-2016-001.html>  , and ensure that you
are attempting to only integrate a version of the Jetty 9.3 stream that is
*9.3.9* /or later/.

Hopefully forewarned is forearmed; no need to expose vulnerabilities
unnecessarily!  ;-)



--
View this message in context: http://apache-spark-developers-list.1001551.n3.nabble.com/Jetty-9-3-CVE-to-be-avoided-tp18151.html
Sent from the Apache Spark Developers List mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscribe@spark.apache.org


Mime
View raw message