From 1e7385cdf3b1d47c4afbf78f417eae5a69fbda95 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Fri, 31 Jan 2025 15:11:17 +0000
Subject: [PATCH] Fix CVE caused by jetty-http introduced in spark-core (#508)

Signed-off-by: Zan Niu <zaniu@amazon.com>
(cherry picked from commit 9cb89f6dd35f54c9c472c2e01c31e76ece51ca93)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
---
 build.gradle | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 299f8d17..08410483 100644
--- a/build.gradle
+++ b/build.gradle
@@ -222,7 +222,8 @@ task addSparkJar(type: Copy) {
         }
         // Remove the unwanted directory from jar B
         delete file("${jarBContents}/org/apache/spark/unused")
-
+        delete file("${jarBContents}/org/sparkproject/jetty/http")
+        delete file("${jarBContents}/META-INF/maven/org.eclipse.jetty/jetty-http")
         // Re-compress jar B
         ant.zip(destfile: jarB, baseDir: jarBContents)