You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2022/08/09 12:26:16 UTC

[GitHub] [spark] steveloughran commented on a diff in pull request #37281: [SPARK-39863][BUILD] Upgrade Hadoop to 3.3.4

steveloughran commented on code in PR #37281:
URL: https://github.com/apache/spark/pull/37281#discussion_r941274678


##########
dev/deps/spark-deps-hadoop-3-hive-2.3:
##########
@@ -25,7 +25,7 @@ automaton/1.11-8//automaton-1.11-8.jar
 avro-ipc/1.11.0//avro-ipc-1.11.0.jar
 avro-mapred/1.11.0//avro-mapred-1.11.0.jar
 avro/1.11.0//avro-1.11.0.jar
-aws-java-sdk-bundle/1.11.1026//aws-java-sdk-bundle-1.11.1026.jar
+aws-java-sdk-bundle/1.12.132//aws-java-sdk-bundle-1.12.132.jar

Review Comment:
   we are at 1.12.262. there's a CVE out on the aws sdk transfer manager for releases < 1.12.261, which the s3a connector isn't exposed to (it's only for downloads through that class), but which other apps using the same sdk may be.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org