You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Apache Spark (Jira)" <ji...@apache.org> on 2020/10/01 15:22:00 UTC

[jira] [Commented] (SPARK-32723) Upgrade to jQuery 3.5.1

    [ https://issues.apache.org/jira/browse/SPARK-32723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205607#comment-17205607 ] 

Apache Spark commented on SPARK-32723:
--------------------------------------

User 'n-marion' has created a pull request for this issue:
https://github.com/apache/spark/pull/29922

> Upgrade to jQuery 3.5.1
> -----------------------
>
>                 Key: SPARK-32723
>                 URL: https://issues.apache.org/jira/browse/SPARK-32723
>             Project: Spark
>          Issue Type: Bug
>          Components: Spark Core
>    Affects Versions: 3.0.0
>            Reporter: Ashish Kumar Singh
>            Assignee: Peter Toth
>            Priority: Major
>              Labels: Security
>             Fix For: 3.1.0
>
>
> Spark 3.0, Spark 2.4.x uses JQuery version < 3.5 which has known security vulnerability in Spark Master UI and Spark Worker UI.
> Can we please upgrade JQuery to 3.5 and above ?
>  [https://www.tenable.com/plugins/nessus/136929]
> ??According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.??
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org