[SPARK-44070][BUILD] Bump snappy-java 1.1.10.1 #41616
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dongjoon-hyun
approved these changes
Jun 15, 2023
Member
dongjoon-hyun
left a comment
dongjoon-hyun
left a comment
There was a problem hiding this comment.
+1, LGTM (Pending CIs). Thank you always, @pan3793 .
Member
|
Could you re-trigger the failed pipeline, please, @pan3793 ? |
HyukjinKwon
approved these changes
Jun 15, 2023
yaooqinn
approved these changes
Jun 16, 2023
LuciferYang
approved these changes
Jun 16, 2023
LuciferYang
changed the title
wangyum
approved these changes
Jun 16, 2023
Member
|
Merged to master and branch-3.4. |
wangyum
added a commit
that referenced
this pull request
Jun 16, 2023
### What changes were proposed in this pull request? Bump snappy-java from 1.1.10.0 to 1.1.10.1. ### Why are the changes needed? This mostly is a security version, the notable changes are CVE fixing. - CVE-2023-34453 Integer overflow in shuffle - CVE-2023-34454 Integer overflow in compress - CVE-2023-34455 Unchecked chunk length Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes #41616 from pan3793/SPARK-44070. Authored-by: Cheng Pan <[email protected]> Signed-off-by: Yuming Wang <[email protected]> (cherry picked from commit 0502a42) Signed-off-by: Yuming Wang <[email protected]>
Member
|
Thank you all! |
Member
|
It seems that |
Member
It is back to normal. |
czxm
pushed a commit
to czxm/spark
that referenced
this pull request
Jun 19, 2023
### What changes were proposed in this pull request? Bump snappy-java from 1.1.10.0 to 1.1.10.1. ### Why are the changes needed? This mostly is a security version, the notable changes are CVE fixing. - CVE-2023-34453 Integer overflow in shuffle - CVE-2023-34454 Integer overflow in compress - CVE-2023-34455 Unchecked chunk length Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes apache#41616 from pan3793/SPARK-44070. Authored-by: Cheng Pan <[email protected]> Signed-off-by: Yuming Wang <[email protected]>
snmvaughan
pushed a commit
to snmvaughan/spark
that referenced
this pull request
Jun 20, 2023
### What changes were proposed in this pull request? Bump snappy-java from 1.1.10.0 to 1.1.10.1. ### Why are the changes needed? This mostly is a security version, the notable changes are CVE fixing. - CVE-2023-34453 Integer overflow in shuffle - CVE-2023-34454 Integer overflow in compress - CVE-2023-34455 Unchecked chunk length Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes apache#41616 from pan3793/SPARK-44070. Authored-by: Cheng Pan <[email protected]> Signed-off-by: Yuming Wang <[email protected]> (cherry picked from commit 0502a42) Signed-off-by: Yuming Wang <[email protected]>
GladwinLee
pushed a commit
to lyft/spark
that referenced
this pull request
Oct 10, 2023
### What changes were proposed in this pull request? Bump snappy-java from 1.1.10.0 to 1.1.10.1. ### Why are the changes needed? This mostly is a security version, the notable changes are CVE fixing. - CVE-2023-34453 Integer overflow in shuffle - CVE-2023-34454 Integer overflow in compress - CVE-2023-34455 Unchecked chunk length Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes apache#41616 from pan3793/SPARK-44070. Authored-by: Cheng Pan <[email protected]> Signed-off-by: Yuming Wang <[email protected]> (cherry picked from commit 0502a42) Signed-off-by: Yuming Wang <[email protected]>
catalinii
pushed a commit
to lyft/spark
that referenced
this pull request
Oct 10, 2023
### What changes were proposed in this pull request? Bump snappy-java from 1.1.10.0 to 1.1.10.1. ### Why are the changes needed? This mostly is a security version, the notable changes are CVE fixing. - CVE-2023-34453 Integer overflow in shuffle - CVE-2023-34454 Integer overflow in compress - CVE-2023-34455 Unchecked chunk length Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes apache#41616 from pan3793/SPARK-44070. Authored-by: Cheng Pan <[email protected]> Signed-off-by: Yuming Wang <[email protected]> (cherry picked from commit 0502a42) Signed-off-by: Yuming Wang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
Bump snappy-java from 1.1.10.0 to 1.1.10.1.
Why are the changes needed?
This mostly is a security version, the notable changes are CVE fixing.
Full changelog: https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Pass GA.