From a4098a1b07d7266a0316743eaf2cf3d0f4d7e24e Mon Sep 17 00:00:00 2001
From: Zan Niu <zaniu@amazon.com>
Date: Fri, 31 Jan 2025 08:03:33 +0000
Subject: [PATCH] Fix CVE caused by jetty-http introduced in spark-core

Signed-off-by: Zan Niu <zaniu@amazon.com>
---
 build.gradle | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index a4c1aa61..829dbdb0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -224,7 +224,8 @@ task addSparkJar(type: Copy) {
         }
         // Remove the unwanted directory from jar B
         delete file("${jarBContents}/org/apache/spark/unused")
-
+        delete file("${jarBContents}/org/sparkproject/jetty/http")
+        delete file("${jarBContents}/META-INF/maven/org.eclipse.jetty/jetty-http")
         // Re-compress jar B
         ant.zip(destfile: jarB, baseDir: jarBContents)