Posted to issues@spark.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2022/08/03 13:07:00 UTC

[jira] [Commented] (SPARK-39969) Spark AWS SDK and kinesis dependencies lagging hadoop-aws and s3a

    [ https://issues.apache.org/jira/browse/SPARK-39969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17574720#comment-17574720 ] 

Steve Loughran commented on SPARK-39969:
----------------------------------------

Note: although the latest release fixes the latest set of Jackson CVEs in the AWS shaded jar, the S3 client doesn't use the vulnerable libraries. Don't know about the rest of the SDK. It will at least stop code security analysis tools from complaining so much.

> Spark AWS SDK and kinesis dependencies lagging hadoop-aws and s3a
> -----------------------------------------------------------------
>
>                 Key: SPARK-39969
>                 URL: https://issues.apache.org/jira/browse/SPARK-39969
>             Project: Spark
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: Steve Loughran
>            Priority: Minor
>
> The AWS SDK and matching kinesis versions are now a few iterations behind what is shipping in hadoop 3.3.x (see HADOOP-18068 and HADOOP-18344).
> * this updates dependencies/bundling of jackson and httpclient
> * no problems upgrading other than some test regressions
> Catching up would be good, as it means that recent s3a releases are not qualified with the AWS SDK release spark is pulling in, and if there is any problem, it'll be a spark team issue.


