You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Bhupesh (Jira)" <ji...@apache.org> on 2021/04/23 15:45:00 UTC
[jira] [Comment Edited] (SPARK-34458) Spark-hive: apache hive
dependency with CVEs
[ https://issues.apache.org/jira/browse/SPARK-34458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17330873#comment-17330873 ]
Bhupesh edited comment on SPARK-34458 at 4/23/21, 3:44 PM:
-----------------------------------------------------------
I found that, this is already upgraded twice. Following are the git link of change. *
* [https://github.pie.apple.com/blnu/apache-spark/commit/29e7d354a896fbf5a00e22da6554356aa0d4eb95]
* [https://github.pie.apple.com/blnu/apache-spark/commit/181d326a98c07d6021f11d5eb85962360bd8406d]
was (Author: bdhiman84):
I found that, this is already upgraded twice. Following are the git link of change. * [https://github.pie.apple.com/blnu/apache-spark/commit/29e7d354a896fbf5a00e22da6554356aa0d4eb95]
* [https://github.pie.apple.com/blnu/apache-spark/commit/181d326a98c07d6021f11d5eb85962360bd8406d]
> Spark-hive: apache hive dependency with CVEs
> --------------------------------------------
>
> Key: SPARK-34458
> URL: https://issues.apache.org/jira/browse/SPARK-34458
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.1
> Reporter: Gang Liang
> Priority: Major
>
> Apache hive version 2.3.7 used by spark-hive (version 3.0.1) has the following CVEs, as reported by our security team.
> CVE-2017-12625, CVE-2015-1772, CVE-2016-3083, CVE-2018-11777, CVE-2014-0228
> Please upgrade apache hive libraries to a higher version with no known security risks.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org