You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Sean Owen (JIRA)" <ji...@apache.org> on 2017/03/14 08:07:41 UTC

[jira] [Resolved] (SPARK-19943) commons-collections has vulnerability: CVE-2015-6420

     [ https://issues.apache.org/jira/browse/SPARK-19943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Owen resolved SPARK-19943.
-------------------------------
    Resolution: Duplicate

Generally, you wouldn't open a JIRA unless you believed it affected Spark. This is an old CVE, and it says it affects 3.2.1, but you can see we use 3.2.2. The comment in pom.xml even points you to https://issues.apache.org/jira/browse/SPARK-11652

> commons-collections has vulnerability: CVE-2015-6420
> ----------------------------------------------------
>
>                 Key: SPARK-19943
>                 URL: https://issues.apache.org/jira/browse/SPARK-19943
>             Project: Spark
>          Issue Type: Bug
>          Components: Spark Core
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: meiyoula
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6420



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org