[SPARK-41030][BUILD][3.2] Upgrade Apache Ivy to 2.5.1 #39371

Closed
bjornjorgensen wants to merge 2 commits into apache:branch-3.2 from bjornjorgensen:ivy.version_2.5.1
@bjornjorgensen bjornjorgensen commented Jan 3, 2023

Contributor

What changes were proposed in this pull request?

Upgrade Apache Ivy from 2.5.0 to 2.5.1
Release notes

Why are the changes needed?

CVE-2022-37865 This is a 9.1 CRITICAL
and
CVE-2022-37866

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Pass GA

@github-actions github-actions Bot added the BUILD label Jan 3, 2023

bjornjorgensen commented Jan 3, 2023

Contributor Author

@kyle-ai2

I will ping Sean, Hyukjin and dongjoon-hyun when all the tests have passed.

@bjornjorgensen bjornjorgensen changed the title [SPARK-41030][BUILD][3.2] Upgrade Apache Ivy to 2.5.1 [SPARK-41030][BUILD][3.2] Upgrade Apache Ivy to 2.5.1 Jan 3, 2023

bjornjorgensen commented Jan 3, 2023

Contributor Author

This is a backport of #38539

This one is for 3.3 19824cf

@dongjoon-hyun dongjoon-hyun left a comment

Member

+1, LGTM (Pending CIs).
Thank you, @bjornjorgensen .

@dongjoon-hyun dongjoon-hyun left a comment

Member

I fixed the linter failure here.

Merged to branch-3.2.

dongjoon-hyun pushed a commit that referenced this pull request Jan 4, 2023
### What changes were proposed in this pull request?
Upgrade `Apache Ivy` from 2.5.0 to 2.5.1
[Release notes](https://ant.apache.org/ivy/history/2.5.1/release-notes.html)

### Why are the changes needed?
[CVE-2022-37865](https://nvd.nist.gov/vuln/detail/CVE-2022-37865) This is a [9.1 CRITICAL](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-37865&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H&version=3.1&source=NIST)
and
[CVE-2022-37866](https://nvd.nist.gov/vuln/detail/CVE-2022-37866)
### Does this PR introduce _any_ user-facing change?
No.

### How was this patch tested?
Pass GA

Closes #39371 from bjornjorgensen/ivy.version_2.5.1.

Lead-authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com>
Co-authored-by: Bjørn <bjornjorgensen@gmail.com>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
@dongjoon-hyun

Member

Thank you, @bjornjorgensen and @HyukjinKwon

@bjornjorgensen bjornjorgensen deleted the ivy.version_2.5.1 branch January 4, 2023 12:21

kyle-ai2 commented Jan 4, 2023

Thanks everyone. Will this be released in a new Spark 3.2.4 image?

@bjornjorgensen

Contributor Author

@kyle-ai2 Yes, this PR is a part of the 3.2 branch now.

@dongjoon-hyun

Member

BTW, v3.2.4 is expected in April 2023 as the EOL release according to the release cadence.

@dongjoon-hyun

Member

Before v3.2.4,

  • v3.3.2 will arrive in the Feb/March timeframe
  • v3.4.0 feature freeze will start on January 16th and RC will start in February.

@dongjoon-hyun

Member

The Apache Spark community always recommends using the latest one. In the case of SPARK-41030, v3.3.2 is the fastest release with that.

sunchao pushed a commit to sunchao/spark that referenced this pull request Jun 2, 2023