You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Sean R. Owen (Jira)" <ji...@apache.org> on 2022/04/16 21:02:00 UTC
[jira] [Resolved] (SPARK-38262) Upgrade Google guava to version 30.0-jre
[ https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean R. Owen resolved SPARK-38262.
----------------------------------
Resolution: Duplicate
yes, this is a duplicate. Been discussed many times.
> Upgrade Google guava to version 30.0-jre
> ----------------------------------------
>
> Key: SPARK-38262
> URL: https://issues.apache.org/jira/browse/SPARK-38262
> Project: Spark
> Issue Type: Bug
> Components: Build
> Affects Versions: 3.3.0
> Reporter: Bjørn Jørgensen
> Priority: Major
>
> This is duplicated many times like in [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502]
> Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues.
> [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237]
> [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908]
> We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre]
> I will add some links to what I have found about this issue
> [HIVE-25617:fix bug introduced by CVE-2020-8908|https://github.com/apache/hive/pull/2725]
> [Upgrade Guava to 27|https://github.com/apache/druid/pull/10683]
> [HIVE-21961: Upgrade Hadoop to 3.1.4, Guava to 27.0-jre and Jetty to 9.4.20.v20190813|https://github.com/apache/hive/pull/1821]
> [Shade Guava manually|https://github.com/apache/druid/issues/6942]
> [[DISCUSS] Hadoop 3, dropping support for Hadoop 2.x|https://lists.apache.org/thread/zmc389trnkh6x444so8mdb2h0x0noqq4]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org