Skip to content

Commit

Permalink
Fix CVE caused by jetty-http introduced in spark-core (#508) (#509)
Browse files Browse the repository at this point in the history 
(cherry picked from commit 9cb89f6)

Signed-off-by: Zan Niu <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
  • Loading branch information
@opensearch-trigger-bot @github-actions
opensearch-trigger-bot[bot] and github-actions[bot] authored Jan 31, 2025
1 parent 55d41d5 commit 5da556a
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,8 @@ task addSparkJar(type: Copy) {
}
// Remove the unwanted directory from jar B
delete file("${jarBContents}/org/apache/spark/unused")

delete file("${jarBContents}/org/sparkproject/jetty/http")
delete file("${jarBContents}/META-INF/maven/org.eclipse.jetty/jetty-http")
// Re-compress jar B
ant.zip(destfile: jarB, baseDir: jarBContents)

Expand Down

0 comments on commit 5da556a

Please sign in to comment.