Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2022/02/22 16:51:12 UTC

[GitHub] [spark] bjornjorgensen opened a new pull request #35614: [SPARK][38291] Upgrade postgresql from 42.3.0 to 42.3.3

bjornjorgensen opened a new pull request #35614:
URL: https://github.com/apache/spark/pull/35614


   ### What changes were proposed in this pull request?
   Upgrade Postgresql 42.3.0 to 42.3.3
   
   
   ### Why are the changes needed?
   [CVE-2022-21724](https://nvd.nist.gov/vuln/detail/CVE-2022-21724)
   and 
   [Arbitrary File Write Vulnerability](https://github.com/advisories/GHSA-673j-qm5f-xpv8)
   
   By upgrading postgresql from 42.3.0 to 42.3.3 we will resolve these issues. 
   
   
   ### Does this PR introduce _any_ user-facing change?
   NO
   
   ### How was this patch tested?
   All tests must pass. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] dongjoon-hyun closed pull request #35614: [SPARK-38291][BUILD][TESTS] Upgrade `postgresql` from 42.3.0 to 42.3.3

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun closed pull request #35614:
URL: https://github.com/apache/spark/pull/35614


   




[GitHub] [spark] bjornjorgensen commented on pull request #35614: [SPARK-38291][BUILD] Upgrade postgresql from 42.3.0 to 42.3.3

Posted by GitBox <gi...@apache.org>.
bjornjorgensen commented on pull request #35614:
URL: https://github.com/apache/spark/pull/35614#issuecomment-1048178536


   Thank you @dongjoon-hyun 
   The problem today is that many people have a strong focus on data security. And when they - the user or the data security department of organizations - see software with known security holes, then uncertainties arise. I agree with you that it takes an incredible amount of time for this security hole to be exploited in Spark. But let's remove the doubt. And as long as our existing tests pass, I do not see the reason why we should stop either.
   
   I'm a little unsure what you mean by "Could you describe as a normal test dependency update instead of those false alarms, please?" I have now changed the title of the PR. If this is what you were thinking?




[GitHub] [spark] dongjoon-hyun commented on pull request #35614: [SPARK-38291][BUILD] Upgrade postgresql from 42.3.0 to 42.3.3

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on pull request #35614:
URL: https://github.com/apache/spark/pull/35614#issuecomment-1048206811


   Thank you for the update, @bjornjorgensen. Yes, that's what I expected. We can mention the CVE in the PR description as some background as you did.

