[ZEPPELIN-5714] Upgrade Spring Framework in zeppelin-livy-0.10.x.jar - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Blocker
Resolution: Unresolved
Affects Version/s: 0.10.0, 0.10.1
Fix Version/s: None
Component/s: livy-interpreter
Labels:
- ossca2022

Description

We should upgrade the Spring version at Zepelin Livy jar because of cve-2022-22965. The Qualys Scanner finds these packages and raises a warning because of the existence of these files on the system.

The found files are: /usr/lib/zeppelin/interpreter/livy/zeppelin-livy-0.10.0.jar (org/springframework/beans/CachedIntrospectionResults.class): CachedIntrospectionResults.class spring 4.3.0-4.3.2

More Information:
Spring Framework: https://spring.io/projects/spring-framework
Spring project spring-framework release notes: https://github.com/spring-projects/spring-framework/releases
CVE-2022-22965: https://tanzu.vmware.com/security/cve-2022-22965

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jason-Morries Adam

Votes:: 2 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Apr/22 13:37

Updated:: 05/Feb/24 10:43