You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Kousuke Saruta (Jira)" <ji...@apache.org> on 2021/08/24 13:30:00 UTC
[jira] [Commented] (SPARK-36572) Removal of netty-3.9.9.Final.jar
dependent code and use only netty-all-4.1.47.Final.jar in Spark 2.4.x
[ https://issues.apache.org/jira/browse/SPARK-36572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17403798#comment-17403798 ]
Kousuke Saruta commented on SPARK-36572:
----------------------------------------
[~sshukla05] Sorry, 2.4.8 is the last release of 2.4.x. So we will not upgrade Netty for 2.4.x.
See also our maintenance policy.
http://spark.apache.org/versioning-policy.html
> Removal of netty-3.9.9.Final.jar dependent code and use only netty-all-4.1.47.Final.jar in Spark 2.4.x
> ------------------------------------------------------------------------------------------------------
>
> Key: SPARK-36572
> URL: https://issues.apache.org/jira/browse/SPARK-36572
> Project: Spark
> Issue Type: Bug
> Components: Build
> Affects Versions: 2.4.7, 2.4.8
> Reporter: SHOBHIT SHUKLA
> Priority: Major
>
> Please remove netty-3.9.9.Final.jar from Spark 2.4.x because this jar was reported for CVE-2019-20444 and CVE-2019-20445, we don't have option to upgrade netty-x.final.jar
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org