databricks / spark-xml

XML data source for Spark SQL and DataFrames
Apache License 2.0

Upgrade SBT version #613

Closed ganeshchand closed 1 year ago

ganeshchand commented 1 year ago

The project currently uses SBT version 1.2.8. I think we should upgrade to at least 1.6.1 which updates log4j 2 to 2.17.1, which fixes a remote code execution vulnerability or any version > 1.6.1. Let me know if there is any preference to upgrade to any specific version and I will be happy to work on it.

srowen commented 1 year ago

Last time I tried it I was not able to update past 1.2.8. Go ahead and try. I don't think there is any exposure to log4j here but sure.

On Tue, Dec 20, 2022, 12:01 PM Ganesh Chand @.***> wrote:

The project currently uses SBT version 1.2.8. I think we should upgrade to at least 1.6.1 which updates log4j 2 to 2.17.1, which fixes a remote code execution vulnerability or any version > 1.6.1. Let me know if there is any preference to upgrade to any specific version and I will be happy to work on it.

ganeshchand commented 1 year ago

I just tried with 1.6.2 and I was able to test and package. Let me work on it and submit the PR.

ganeshchand commented 1 year ago

@srowen I just submitted the PR