@pull pull bot commented Dec 6, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)


sarutak and others added 4 commits December 6, 2025 07:16
### What changes were proposed in this pull request?
This PR aims to escape user name displayed in historypage.

### Why are the changes needed?
Similar to the issue resolved in #52851, the user name should also get escaped because an arbitrary user name can be set through the env var `SPARK_USER`.

### Does this PR introduce _any_ user-facing change?
No.

### How was this patch tested?
The user name displayed in historypage is escaped even if the name is like `<script>alert('XSS')</script>`.

### Was this patch authored or co-authored using generative AI tooling?
No.

Closes #53364 from sarutak/fix-username-xss.

Authored-by: Kousuke Saruta <sarutak@amazon.co.jp>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
### What changes were proposed in this pull request?
This PR proposes to upgrade gson from `2.11.0` to `2.13.2`

Changes after `2.11.0`:
* 2.12.0: https://github.com/google/gson/releases/tag/gson-parent-2.12.0
* 2.12.1: https://github.com/google/gson/releases/tag/gson-parent-2.12.1
* 2.13.0: https://github.com/google/gson/releases/tag/gson-parent-2.13.0
* 2.13.1: https://github.com/google/gson/releases/tag/gson-parent-2.13.1
* 2.13.2: https://github.com/google/gson/releases/tag/gson-parent-2.13.2

### Why are the changes needed?
To keep the dependency up to date.

### Does this PR introduce _any_ user-facing change?
No.

### How was this patch tested?
GA.

### Was this patch authored or co-authored using generative AI tooling?
No.

Closes #53367 from sarutak/upgrade-gson-2.13.2.

Authored-by: Kousuke Saruta <sarutak@amazon.co.jp>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
…on copying

### What changes were proposed in this pull request?
This PR aims to check offset and length on copying in `UTF8String#reverse`.
For details, see https://lists.apache.org/thread/d9pvkh3jbsq8lc33v75kmwq5wg57422h (Only PMC members can read with login).
To avoid a performance regression, this PR chooses to check offset and length rather than validate the input UTF-8 string.

### Why are the changes needed?
For safety.

### Does this PR introduce _any_ user-facing change?
Yes, but doesn't break compatibility.

### How was this patch tested?
The example queries mentioned in [this thread](https://lists.apache.org/thread/d9pvkh3jbsq8lc33v75kmwq5wg57422h) work even though the results are broken.
All the operations defined in `UTF8String` are expected to work correctly with valid UTF-8 strings, so the broken results with invalid UTF-8 strings should be reasonable.

### Was this patch authored or co-authored using generative AI tooling?
No.

Closes #53366 from sarutak/fix-utf8-reverse.

Authored-by: Kousuke Saruta <sarutak@amazon.co.jp>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
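The offset/length check described in the commit message above, as an added example in C (not Spark's `UTF8String` code): the string is reversed sequence by sequence, the lead byte decides each sequence's claimed length, and that length is clamped to the bytes that actually remain so the copy can never read past the buffer, without validating the UTF-8 itself. The function names and the sample inputs are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Claimed length of a UTF-8 sequence from its lead byte (constructed helper).
   Continuation or otherwise invalid lead bytes are treated as one byte. */
static size_t utf8_seq_len(uint8_t lead) {
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 1;
}

/* Reverse 'in' (len bytes) into 'out' (at least len bytes) one UTF-8
   sequence at a time. The input is NOT validated; the only defence is the
   bounds check on each copy: a lead byte that claims more bytes than remain
   is clamped to the remainder, so no read ever goes past in[len-1].
   Invalid input yields in-bounds garbage, not an out-of-bounds read.
   Returns how many sequences had to be clamped (0 for valid UTF-8). */
size_t utf8_reverse(const uint8_t *in, size_t len, uint8_t *out) {
    size_t i = 0, pos = len, clamped = 0;   /* pos is the backwards write cursor */
    while (i < len) {
        size_t n = utf8_seq_len(in[i]);
        if (n > len - i) {                  /* the offset/length check */
            n = len - i;
            clamped++;
        }
        pos -= n;
        memcpy(out + pos, in + i, n);       /* copy stays within [i, len) */
        i += n;
    }
    return clamped;
}

int main(void) {
    /* Constructed input: "a" + "é" (C3 A9) + truncated "日" (E6 97, third byte missing). */
    const uint8_t in[] = {0x61, 0xC3, 0xA9, 0xE6, 0x97};
    uint8_t out[sizeof in];
    size_t clamped = utf8_reverse(in, sizeof in, out);
    printf("clamped sequences: %zu, reversed bytes:", clamped);
    for (size_t k = 0; k < sizeof in; k++) printf(" %02X", out[k]);
    printf("\n");
    return 0;
}
```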
…servation blocking

### What changes were proposed in this pull request?

This patch adds a safety check into `ObservationManager.tryComplete` to avoid Observation blocking.

### Why are the changes needed?

We got reports that for some corner cases `Observation.get` will be blocked forever. After investigation, it is not a deadlock case. If the `CollectMetricsExec` operator was optimized away, e.g., the executed plan was optimized to have some empty relation propagation on top of the plan tree of `CollectMetricsExec`, Spark won't fulfill the promise in `Observation`, and `get` calls will be blocked forever.

### Does this PR introduce _any_ user-facing change?

Yes. Previously, for some corner cases the `Observation.get` call would be blocked forever. After this change, `get` will return an empty map.

### How was this patch tested?

Unit tests

### Was this patch authored or co-authored using generative AI tooling?

No.

Closes #53358 from viirya/fix_observation_blocking.

Authored-by: Liang-Chi Hsieh <viirya@gmail.com>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
@pull pull bot locked and limited conversation to collaborators Dec 6, 2025
@pull pull bot added the ⤵️ pull label Dec 6, 2025
@pull pull bot merged commit e6c8923 into huangxiaopingRD:master Dec 6, 2025