CVE-2019-8457

Advisory

Synapseml 0.9.0 updates its dependency 'openjdk' to include several security fixes.
https://github.com/microsoft/SynapseML/commit/de4b47b8b6643575eb8dec470dec0dadfd1d836b

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Acknowledgements
We would like to acknowledge the developers and contributors, both internal and external who helped create this version of MMLSpark.\n



Changes:

* 5fc65abbe43f520529970d2173f671e39004e510 chore: bump version numbers (1203)
* 993da81a0ab947a65cabea89fb9cc0a52d4498bb chore: Fix pom for sbt dependencies (1202)
* 327be83c6c711d3cba3be84cda85b997dd087c44 feat: Update Text Analytics API to V3.1 (1193)
* 661057752d7baea4592842ba5af05fbdc6f3bd9c fix: fix setLinkedService in Synapse
* e08a8e2918fbf62ec2e83ddfa709023006edb0ba chore: Add script to clean and back up ACR
* d85aae8dbe489b20299892406be32c32a73c362f fix: fix cognitive service errors (1176)
* c6925dbb87b6e7c65a8b9c9c9a4b2d0161a770aa fix: fix anomaly detector test cases
* b52c36101f9eecc9f306b16ebef1b03700ad421c fix: rename NERPii to PII
* 2ce1ba6be91e2f39b2ad97550685efd474e979b6 fix: fix scala style error
* 1000fdb38ddbfbd2f4b4b52870d22b260e1e25df feat: add NERPii
<details><summary><b>See More</b></summary>

* 4682199012edc35b1ccefad7167b7aee3c844106 fix: fix cog service test flakes
* 0c4d32d4b25cbd6c32d65c7fce0f0bca95a0ff2e doc: add predictive maintenence notebook
* 80889120ff06f242310e1778130cac0ed47f30fd fix: fix setLinkedService issues in Synapse (1177)
* 2d65668b194f4cbcf070302765227352379844a0 update notebook link
* 586e6761bb242fa7124e13845c030b24648ebf42 chore: fix bug in testgen parallelism
* 5ed9a8cfab0a20b18eed982dcfcc02beae69032c chore: testing new build
* f00272ec2dc402ce5521ae5f721195c168e82323 chore: disable failing synapse e2e tests
* fdf756292c6e3679be602ef30faa8993fad65c50 chore: fix flaky serialization fuzzing test
* f5b9c5ee67b67f9913d72eafaaa13f3175967d38 chore: disable failing doc translator test
* 3ae67abdfee5f0bedd89a086b82101e7153b3b9c feat: Add Infrastructure to Run Tests on Synapse (1014)
* de4b47b8b6643575eb8dec470dec0dadfd1d836b Security upgrade required for openjdk from 8-alpine to 17-ea-22-jdk-oracle (1165)
* 21d5ec86c6fa5c4be7d627d77c56567f233c9013 docs: Adding document and notebooks for ONNXModel (1164)
* 1f9135f40b76f894b8bcea5983ba8ca37249e123 feat: rename Read to ReadImage (1163)
* 8ec07e72d85f4fcc03b51d263856823eda7f7874 fix: improve LGBM error message for invalid slot names (1160)
* 448f893684e1f503b6c5cf0d3e3543aa80b61163 feat: ONNX model inference on Spark (1152)
* a5135b2ed9bba9f785764f115df6bbeeba7c3797 feat: update DocumentTranslator to support setLinkedService in Synapse (1151)
* d5470ffecf1778a6f9ba2df32b0f07049b582e7c chore: fix flakiness in python tests (1144)
* 204799258ca23539a275bdc9ee155a6090460f93 update Cognitive Services - Overview notebook (1126)
* 6ef2d28a9a3d57d63e40202e3d50ba15ae9ee3d0 fix: flaky lime test
* 5a6f8946ec24d9f3aa957b19c6c3d8b10160a7db fix: fix flaky conversation transcription test
* cf1281d0014bb6e88c0d9f0411e5b6d6a23b4d4e build: add two teired security for build secrets
* 8eda1df878256eb68e5921eef9f0c8b6bfef5bb6 feat: add setLinkedService (1136)
* 4167921e646619186bc5ae90f2544ddffb0068ed fix: fix SpeechToTextSDK setLinedService (1138)
* 87ec5f7442e2fca4003c952d191d0ea5f7d61eac fix: fix generated python code (1121)
* 84d8d246a2c853e00743db1ea2341c47fcef67dd feat: add translator (1108)
* d287be6185ca2e2a9a7fe9940a592eda362e727d fix: update notebookUtils class path (1118)
* 0f69cf5ac9e12db78ccee67c8fc768ef3b864cb8 feat: add singleton dataset mode for faster performance and use old sparse dataset create method to reduce memory usage (1066)
* 41bfd055175f6c8f3aee437b89ca1083f394d20c fix: LIME returns NaN weight if a feature contains a single value or when the sampler cannot obtain a different state for a feature due to data skew. It returns zero weights for all other features. (1117)
* fe70f31766818d39ae059ef2e4473735014f8168 fix: fix Guava version issue in Azure Synapse and Databricks (1103)
* 115f9214562b1f9a5ac3827f9f674c86bb66eee8 fix: fix flakiness in spark session stopping
* a825a7430ee49a1c56533b7f844e9094c1e0f898 chore: auto-update packages in docker
* 9314f82c7713a140311496faaeb229727886ad51 fix: Fix result parsing for forms
* 0c6490d2394e88ed09121e3a75dde638568464a1 chore: fix flaky notebook
* 94f04a8b78460826e55eabfcd64caacfa76ec44d fix: LIME sometimes return nan weights (1112)
* 85f089d0ae7aaaaefe6afa83c8aa96268bf6db14 feat: add form recognizer support (1099)
* 931cb42b25e0d637ef251b18a524d7027bbea127 update: reformat code
* 8c69739c8ff9d714613f46528504ef4fcc67d5a5 update: update setLocation
* 124b9c651211a3a580ff4d9fa254c627dc6ae866 update: remove parens
* c2e31923b68862f8ae6890491ac1d80a44eba44f fix: reformat code
* 20a795b9bf13ac70f658c379cbd7c4998ae25496 update: use HasSetLinkedService trait
* f075a97f6f0d1bd3446caa8d8389255ec18bd0a2 update: add more cognitive service
* 13a7126bbee60a287c5cf175060a44cf9a355dae update: add more cognitive service
* 8114ccce08a88f11ce7df9353d56e18d43dbe503 update: add more cognitive service
* e5b2a20d276c0c5472045d879d9fd4e64f77e803 update: add more cognitive service
* f6e6591237c994f02ab79f53f347a79d23c02277 update: remove test code
* d01fa1818e09d8c3c38ac6bf8c4e63348c5e7196 update: add test code
* d85fc59960d871060fc0f7866e5d4d55120e6f95 update: remove testing code
* 873ed329d8324b2814c1517e62e4c18feb52087a update: add sample code for test
* d842f6205ec4bbb8562a3f60c79de96eb8ba4a53 update: add sample code for test
* 2318af64c0f08fb2605621c28c2dc5565da6f86d update: add sample code for test
* 3034b59a570af404bdc5b2f395759e6badc3f5fd update: add sample code for test
* 74215972bb6ca3d02b8d1c94c20aa54aba7f376a update: add sample code for test
* 5b7e574ebe5a01a810ebed9137b258a457b63596 update: add sample code for test
* e633635611cbd79610c835a4aed543b005b7badf update: add reflection
* df9098d5aba54940278df5e47d8ad53a5123d478 update: remove example in test files
* 2deca5ee1a6a6b32befcffbe3473ad1a9c1bbee2 update: add class path
* 80b7a08ac4d3b8ff451cffc8bae2de796df240a5 update: add reflection
* f480aff79d2e2a2c04efe0fc83564ed239af22b4 Docs update
* 40f7fbf50d1f7fef6c86d04c00117bcd89c1c2f1 Reformat notebooks with jupyter lab
* 774af7297b5f61c03b59b350923677172537898b update notebooks
* bafc8d470fcf0ef1b309831113faabf93e7e7974 Update docs, reformat notebooks
* 171ed8958126eb274d6138605540c3024dfdd80a update: notebook
* c255e6617cca64f777a49a887977fc27bfb5cffd Deprecate old lime code and update readme
* a9b55425f129aa2d251c3cfd3acb76fd2778a64c docs: Documentation and notebooks for Interpretability on Spark
* 26b9b077431b9ad76689e189225e2ecbb779461f explainer notebooks
* 84f96e9a46e756396fafd243159aa7225644bbee chore: remove ununsed code
* 541f76f7dc1c31a07adb4f7f8c903199b303a4ff fix: explainers return wrong results when targetClassesCol is specified
* e54406a32ba9a5b56e65d1a12195c824bbbc6f4b chore: fix codecov logging of wrapper generation (1098)
* a5b265e41d387ddb32fecf74e6b25f35f6034d9b feat: split library into subprojects (1073)
* c84ab47020e358fe875a29160037c4971c0a77a7 fix: Unit test OOM error (1093)
* 725a92dce673b05798a410d24658a751ffa89b2e fix: Update codeowners (1092)
* 7dd6bb1cf082bdba6298cc0a85b0b6ba95ed1f0e feat: new LIME and KernelSHAP explainers (1077)
* 00bac62b94284ab5ac94c30ff1f174571622e836 update: update spark version to 3.1.2 (1086)
* 21d6c0444e1e2747b759f65f1c63f13cca12c7f8 feat: refactor to have separate dataset utils and partition processor (1089)
* e8a97ed9ecf3b6c11a164543482ada6576f8abd2 feat: refactoring of lightgbm code in preparation for single dataset mode (1088)
* e7d4ecafc3f524906ae4548b0879c37bc8633a2d build: Fixing build warnings (1080)
* ebee5dc3ac7c0ae69b120dc2b0d50da8c6e0be53 fix: BingImageSearch fails randomly in E2E test (1082)
* 0632f1bf61ab6dc793095f1a639cbf3b0754a0d7 fix: [Workaround] CNTKModel does not output correct result (1076)
* 36ee274e93e1f7a07fc863061ad726e5ca5b49ee feat: move partition consolidator and add LocalAggregator API (1071)
* 2a716c100fc99a66d01c849256b75ced383eb23a feat: add number of threads parameter (1055)
* 63ce4ef62a916982002b0b6f8a55e3f7d12b830e fix: small issue with null in bing image response (1067)
* 6aecdf1c0c212950344f210f11aea2dfb8760009 Add sparse vector support to KNN. (1063)
* ab15ca4237225caab9c8ea6e937bbed3d911b660 fix: fix flaky conversation transcription test
* 45379694813458c5e113d84186c09b3a5c455cdc fix: avoid strange issue with databricks json parser
* 4baaf4964fc1c91a532d690a58468c13e32526ad fix: fix dependency exclusions and build secret querying
* d6b1726d9078f9fd0560c986e3913b47101fe5f7 docs: Add explicit pointer to HDI install
* ae8004afc2924304ce554c1b67e1ad4c316c7100 feat: add custom objective function to lightgbm learners (1054)
* d8bb51f8d4c8b5a9cd2e9a046fb0355dabc356f2 fix: Fix issue in tabular lime sampler (1058)
* 663d9650d3884ece260a457d9b016088380c2cb9 feat: Add more notebook samples for documentation (1043)
* 12cea2df9e479077813b611c1b098ca39b1a3133 feat: add matrix type parameter and improve auto logic (1052)
* 03b8b7d141332b2913fdb9b9b1ee3671fdd12ab7 fix: Bing search URL update (1048)
* b704515f2180ea839e67ac37753c8796f759ef1a Update Classification - Adult Census.ipynb
* bd63cc8d5ab4de1e0ae73779bda6f094d28bc720 feat: add several parameters related to dart boosting type (1045)
* b7f29e8300b85e82798c8bfee96cb95207e5b727 feat: added chunk size parameter for copying java data to native (1041)
* 1c4691f1b77b93b9fe756e726f053ea77abe77c9 Update pr.yml
* aad223e045512f5c59249e838cfff2fd5d279e2d fix: early stopping test and average precision metric (1034)
* 04a9876fd30f0162f4b17c81059753c0290a5564 fix: refactor python wrappers to use common class (758)
* f5479ddfcf9fa9e776a5e83fefe4371db0d6abcc fix: java params patch (1027)
* d7b86d34502507dc6aef01a47c186d9b6ab1cfbd Create pr.yml
* c20aee805bafa17652e014e343fbe18d1981f98f Update ado-integration.yml
* e3cffa5751c369c44186dd44adb54f91bc0626a9 Delete ado-pr-integration.yml
* 11f8dbbe6d884f55bdbcaeadcc0b741ff8baf93d Update ado-integration.yml
* 369bb8326602c55a3695d6848d32e2abedc6d12f Update ado-pr-integration.yml
* a53003f3f249bf7c1c3de87b702be418afabe405 Update ado-pr-integration.yml
* 05cb62622b214927021437e0d97426559b639d74 Rename ado-pr-integration to ado-pr-integration.yml
* 03f6f29d572d3b634375da4865c26b2def437811 Create ado-pr-integration
* 19b305f0a1170458027ea1ed35cde50ad8e870e0 Update ado-integration.yml
* a7dbeb83a78caaae7c1520c26e17d9a7aafd077e Update ado-integration.yml
* 3b8e046cfc514ace79f5bae9554d415c40438978 Update ado-integration.yml
* acbb268f93db61a863e7921ad0550d9039127d6f Create ado-integration.yml (1039)
* 1e2f33b3fa5a3ab0a58093c9dc8df6f58034d024 feat: Add MMLSpark logging infrastructure (1019)
* 99b580f5ee7c671fb662908623dddff632bedc9d feat: Add R wrapper gen
* bf337941f4fed2b4675d307aa446e0e3b54ef251 fix: missing returns in new python lightgbm model methods
* 99047351f1ec4a3d547ec622c6027506c328da68 chore: update to lightgbm 3.2.110
* 61d2bf18991b78402a405085f914366c8792afe6 feat: add num iteration and start iteration to lightgbm model (1024)
* 2c223f664c506acba4fd1ef4f53b4541df3fcc25 fix: fix issue with r bindings silently failing
* c33451fb22b7c140749ac443d5a68c98a44c1c0a fix: fix conversation transcription participant column functionality
* bc9e81ef2cf3fe5b0a1a1a586ace925fa1270d1f perf: tune chunking code, fix memory leak
* 8942198727fd652d8cae5dbf75ca7404da4e07ee fix: reduce verbosity to prevent RPC disassociated errors
* 0c44344a6354f2aae4754ec825fbbc97275eacad perf: moving to new streaming API for dense data to reduce memory usage
* 1b46782818b53c0bb6cce9cb95a6eb98bf49d177 chore: fix badge publishing
* 1e3a4a44c68fd0d5257b8708c1c5e3885330c760 fix: Fix performance slip in Featurize
* 8d4c405daec9adbe4482ba20849de6596e217bef feat: Refactor code generation system
* cd79ecda47bacec8acfa6babf6e585240e617ad0 chore: upgrade lightgbm to 3.2.100
* ffe2507ed8c1b9c20ea7efe6d3d7407c4bc88506 fix: add timeout for stt
* 3b91af32cdc1bcd24d59db28240eb23b118cb502 build: update ubuntu version to 18.04
* 4446afa5d8c6748560c650deae877374e4f7793c fix: update subscription in build secrets
* 01a8cb4f2bcce7e953d7305f80b439646fc590d8 Update developer-readme.md
* 54379bf7cdfd7fb2f27f3a0bb5f055c95e560c36 chore:remove flaky LGBMtest
* 4e915d4312ea1ad11a8dc5fba499f6507c2f8825 feat: add automated python test generation infrastructure (998)
* 9b7518316cfcc2f5debce549bbffa3566c2cb865 fix: Add ffmpeg time limit enforcing for flaky streams (1001)
* ec7cb7856381cfa1169a3f6fb119a67062510cbc fix: fix upload python whl file to blob(1000)
* 96f66447ce69e1cd24ca6ec3b69c4b980255842a fix: adding more recommendation code owners (996)
* d496aa7d437e0c7edd3237a85951e43951eee1c5 fix: cleanup python tests (994)
* 0717ac4c603ab69f5f8fcc4c87dc2bfebc90e2bc fix: Fix read schemas (988)
* 9cff1e6495a4509bcaae832a44205592ecaaa05b chore: update build to new subscription (991)
* 7a1f28b0c163979baf48ff23863752c9280a2009 Update pipeline.yaml for Azure Pipelines
* 657e6b1d969932cd68f29033001abedec6760952 Update pipeline.yaml for Azure Pipelines
* 3661a443a38111a7971f236f009fa32fd7533f74 Update pipeline.yaml for Azure Pipelines
* 7ce0c5ff8cc1e0bf470d66354c324a128da35c93 Update pipeline.yaml for Azure Pipelines
* 19672c485798d65e82bb76846d0d912ed64990e7 Update pipeline.yaml for Azure Pipelines
* f913bdd94d8cf5230e1e2274c95ee768b21680df docs: fix typo (990)
* 59b684178ed12c82c292e24d0bd1ded4effeadd4 Update README.md
* 062a470e1eb714cf4443c939e97c974f98d99d17 doc: Add CyberML link to README.md (989)
* b1c1400802a55b2899f3fa21656e187a3b6fd808 feat: add TextLIME
* d4fa5771142e3a0a02953da4792622bf1362832a fix: fix issue with NER suite test
* 86beddec070a4ccdf45d41b4dfd57183a94d5269 fix: make concurrent timeout infinite
* 89fa081b82f93d6f1240b3229c7918b166571f89 fix: Make rate limiting retry indefinitely
* f14623e21b70f6ed44ba7828f7886436e21bf496 fix: Recommender Patch for Spark 3 Update (982)
* 13ce0c974963d3ccda028658886b4cf323898071 Update developer-readme.md
* 6218a5b4fdb19a1329c8b91d6ec9148bb12f3d87 Spark 3 (970)
* 5a5147addc42036282d1b45088fb91333d45b2d3 fix: fix typo in text sentimant schema
* 4fe354826d79feffcd852bd166d91402eb1384a1 feat: Add ReadAPI
* 4dab861e080248b7b938a4b2468d5633ef4be17b feat: add conversation transcription
* 218913a131a55b9de62cd200cafe9de940cadd38 fix: change ints to longs for offset and duration in STT
* 1daca68096e595e8774938bbf5d7abb98c000e80 feat: add m4a codec
* 8e0c9b0f024c0917ae2086245c8bb52d502c0d58 chore: fix Detect face suite (968)
* 0571ae25f9c25f7e1491809756687e56e5c2e84e doc: Add example cyberML notebook (958)
* b04d6d655e37c22d043cb8de4359ec5b8ba5745a fix: fix python tests in build
* 15eb55bdf8704c2375ea6e3fdd01b6fe2620c08e chore: remove issue in scalastle file for new IJ
* 66ffeca190390115a5cd0c3c1b1c819d57ee8ece chore: lower threshold for STT tests
* 55a3c1043813ec78a00755068d6028724b91aa41 build: fix build for new intellij
* 7b1830e53fc88f6cb9efc8fc6e6bd885cd08bcef fix: fix processing sparse vector size
* 0596de944e7681d8811b2aef4390527df9dfa37e Update developer-readme.md
* 05359cfa6bf69bc67ca02e07f77e2bd91dd871e6 Update developer-readme.md
* 0a30d1ae5583bcde95a20264af0a41b0d7175149 fix: Fix Double User agent setting bug
* 1f077baa295f6c1426d5a28ba45d958e2a058edb Update pipeline.yaml for Azure Pipelines
* 52463b1750db48adbcdbc073d00574345d996363 Update pipeline.yaml for Azure Pipelines
* 78083a7ac03b5ac57e031a02d6cfe36d653470da build: fix livy dependency resolution
* c2a3921739263914d605b5f8847ec01e0000d8d2 fix:remove preview api from NERv2
* 98a827194b7f17f926a055ae5ab94aca54ba669e docs: Bump python install to top to make it clearer

This list of changes was [auto generated](https://msdata.visualstudio.com/A365/_build/results?buildId=49186594&view=logs).</details>

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457