You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@spark.apache.org by phoebe chen <ph...@gmail.com> on 2022/10/04 16:30:51 UTC

[Spark Core][Release]Can we consider add SPARK-39725 into 3.3.1 or 3.3.2 release?

Hi:
(Not sure if this mailing group is good to use for such question, but just
try my luck here, thanks)

SPARK-39725 <https://issues.apache.org/jira/browse/SPARK-39725> has fix for
security issues CVE-2022-2047 and CVE2022-2048 (High), which was set to
3.4.0 release but that will happen Feb 2023. Is it possible to have it in
any earlier release such as 3.3.1 or 3.3.2?

Re: [Spark Core][Release]Can we consider add SPARK-39725 into 3.3.1 or 3.3.2 release?

Posted by Bjørn Jørgensen <bj...@gmail.com>.

I have made a PR <https://github.com/apache/spark/pull/38098> for this now.

tir. 4. okt. 2022 kl. 19:02 skrev Sean Owen <sr...@gmail.com>:

> I think it's fine to backport that to 3.3.x, regardless of whether it
> clearly affects Spark or not.
>
> On Tue, Oct 4, 2022 at 11:31 AM phoebe chen <ph...@gmail.com>
> wrote:
>
>> Hi:
>> (Not sure if this mailing group is good to use for such question, but
>> just try my luck here, thanks)
>>
>> SPARK-39725 <https://issues.apache.org/jira/browse/SPARK-39725> has
>> fix for security issues CVE-2022-2047 and CVE2022-2048 (High), which was
>> set to 3.4.0 release but that will happen Feb 2023. Is it possible to have
>> it in any earlier release such as 3.3.1 or 3.3.2?
>>
>>
>>

-- 
Bjørn Jørgensen
Vestre Aspehaug 4, 6010 Ålesund
Norge

+47 480 94 297

Re: [Spark Core][Release]Can we consider add SPARK-39725 into 3.3.1 or 3.3.2 release?

Posted by Sean Owen <sr...@gmail.com>.

I think it's fine to backport that to 3.3.x, regardless of whether it
clearly affects Spark or not.

On Tue, Oct 4, 2022 at 11:31 AM phoebe chen <ph...@gmail.com> wrote:

> Hi:
> (Not sure if this mailing group is good to use for such question, but just
> try my luck here, thanks)
>
> SPARK-39725 <https://issues.apache.org/jira/browse/SPARK-39725> has
> fix for security issues CVE-2022-2047 and CVE2022-2048 (High), which was
> set to 3.4.0 release but that will happen Feb 2023. Is it possible to have
> it in any earlier release such as 3.3.1 or 3.3.2?
>
>
>