You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Dongjoon Hyun (JIRA)" <ji...@apache.org> on 2019/07/06 18:19:00 UTC
[jira] [Commented] (SPARK-28255) Upgrade dependencies with
vulnerabilities
[ https://issues.apache.org/jira/browse/SPARK-28255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16879730#comment-16879730 ]
Dongjoon Hyun commented on SPARK-28255:
---------------------------------------
Could you provide how to verify the vulnerabilities, [~bozho]? And, what is the alternative for Py4J? py4j-0.10.8.1 is the latest one.
If there is no update from Py4J, this issue might be invalid.
> Upgrade dependencies with vulnerabilities
> -----------------------------------------
>
> Key: SPARK-28255
> URL: https://issues.apache.org/jira/browse/SPARK-28255
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Bozhidar Bozhanov
> Priority: Major
>
> There are severe vulnerabilities in two dependencies:
>
> [ERROR] hadoop-mapreduce-client-core-2.7.3.jar: CVE-2018-8029, CVE-2016-6811[ERROR] py4j-0.10.8.1.jar: CVE-2016-5636, CVE-2008-1887
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org