Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2021/10/21 20:23:16 UTC

[GitHub] [spark] juliuszsompolski opened a new pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

juliuszsompolski opened a new pull request #34361:
URL: https://github.com/apache/spark/pull/34361


   ### What changes were proposed in this pull request?
   
   Upgrade libthrift dependency from 0.12.0 to 0.15.0
   
   ### Why are the changes needed?
   
   https://snyk.io/vuln/maven:org.apache.thrift%3Alibthrift lists a couple of high-impact vulnerabilities of libthrift 0.12.0, in particular
   * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13949
   * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0205
   
   Keep the library up to date to fix vulnerabilities.
   
   ### Does this PR introduce _any_ user-facing change?
   
   No.
   
   ### How was this patch tested?
   
   Existing tests.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] SparkQA commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
SparkQA commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-948992199


   **[Test build #144517 has started](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/144517/testReport)** for PR 34361 at commit [`f9a5c60`](https://github.com/apache/spark/commit/f9a5c60fa384fd95d30e51ea7e037b4d85306d4a).




[GitHub] [spark] AmplabJenkins commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
AmplabJenkins commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-949002463


   
   Refer to this link for build results (access rights to CI server needed): 
   https://amplab.cs.berkeley.edu/jenkins//job/SparkPullRequestBuilder-K8s/48988/
   




[GitHub] [spark] srowen commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
srowen commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-949000588


   See https://github.com/apache/spark/pull/34280 - Hyukjin already tried this. We can close this and the JIRA as a dupe.




[GitHub] [spark] AmplabJenkins commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
AmplabJenkins commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-948997152


   
   Refer to this link for build results (access rights to CI server needed): 
   https://amplab.cs.berkeley.edu/jenkins//job/SparkPullRequestBuilder/144517/
   




[GitHub] [spark] AmplabJenkins removed a comment on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
AmplabJenkins removed a comment on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-948997152


   
   Refer to this link for build results (access rights to CI server needed): 
   https://amplab.cs.berkeley.edu/jenkins//job/SparkPullRequestBuilder/144517/
   




[GitHub] [spark] SparkQA removed a comment on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
SparkQA removed a comment on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-948992199


   **[Test build #144517 has started](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/144517/testReport)** for PR 34361 at commit [`f9a5c60`](https://github.com/apache/spark/commit/f9a5c60fa384fd95d30e51ea7e037b4d85306d4a).




[GitHub] [spark] SparkQA commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
SparkQA commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-949002432


   Kubernetes integration test unable to build dist.
   
   exiting with code: 1
   URL: https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder-K8s/48988/
   




[GitHub] [spark] SparkQA commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
SparkQA commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-948997117


   **[Test build #144517 has finished](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/144517/testReport)** for PR 34361 at commit [`f9a5c60`](https://github.com/apache/spark/commit/f9a5c60fa384fd95d30e51ea7e037b4d85306d4a).
    * This patch **fails to build**.
    * This patch merges cleanly.
    * This patch adds no public classes.




[GitHub] [spark] juliuszsompolski commented on pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
juliuszsompolski commented on pull request #34361:
URL: https://github.com/apache/spark/pull/34361#issuecomment-949023501


   Thanks @srowen for pointing this out.
   @wangyum would you open https://github.com/apache/spark/compare/master...wangyum:thrift-0.15?expand=1 as PR?




[GitHub] [spark] juliuszsompolski closed pull request #34361: [SPARK-37090] Upgrade libthrift to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.
juliuszsompolski closed pull request #34361:
URL: https://github.com/apache/spark/pull/34361


   

