Skip to content

Commit

Permalink
[SPARK-39540][BUILD] Upgrade mysql-connector-java to 8.0.29
Browse files Browse the repository at this point in the history 
### What changes were proposed in this pull request?
Upgrade mysql-connector-java from 8.0.27 to 8.0.29

### Why are the changes needed?
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java.

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

[CVE-2022-21363](https://nvd.nist.gov/vuln/detail/CVE-2022-21363)

### Does this PR introduce _any_ user-facing change?
No.

### How was this patch tested?
Pass GA

Closes apache#36938 from bjornjorgensen/Upgrade-mysql-connector-java-to-8.0.28.

Lead-authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com>
Co-authored-by: Bjørn Jørgensen <47577197+bjornjorgensen@users.noreply.github.com>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
  • Loading branch information
@bjornjorgensen @dongjoon-hyun
2 people authored and dongjoon-hyun committed Jun 22, 2022
1 parent b588d07 commit 068809d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1218,7 +1218,7 @@
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.27</version>
<version>8.0.29</version>
<scope>test</scope>
</dependency>
<dependency>
Expand Down

0 comments on commit 068809d

Please sign in to comment.