You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mnemonic.apache.org by "Wang, Gang (Jira)" <ji...@apache.org> on 2022/03/07 07:48:00 UTC
[jira] [Updated] (MNEMONIC-733) Identified 5 more critical security vulnerabilities
[ https://issues.apache.org/jira/browse/MNEMONIC-733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wang, Gang updated MNEMONIC-733:
--------------------------------
Description:
There are still 5 more critical security vulnerabilities which are all introduced by Spark core (org.apache.spark:spark-core_2.11@2.2.0) indirectly, but I cannot find available remediation for that, please check it out [https://mvnrepository.com/artifact/org.apache.spark/spark-core]
so, I suggest temporarily disabling the spark integration module till it got solved and available in Maven repository.
was:
There are still 5 more critical security vulnerabilities which are all introduced by Spark core (org.apache.spark:spark-core_2.11@2.2.0) indirectly, but I cannot find available remediation for that, please check it out [https://mvnrepository.com/artifact/org.apache.spark/spark-core]
so, I suggest to temporarily disable the spark integration module till it got solved and available in Maven repository.
> Identified 5 more critical security vulnerabilities
> ---------------------------------------------------
>
> Key: MNEMONIC-733
> URL: https://issues.apache.org/jira/browse/MNEMONIC-733
> Project: Mnemonic
> Issue Type: Bug
> Components: Spark-Integration
> Affects Versions: 0.17.0
> Reporter: Wang, Gang
> Assignee: Wang, Gang
> Priority: Critical
> Fix For: 0.17.0
>
>
> There are still 5 more critical security vulnerabilities which are all introduced by Spark core (org.apache.spark:spark-core_2.11@2.2.0) indirectly, but I cannot find available remediation for that, please check it out [https://mvnrepository.com/artifact/org.apache.spark/spark-core]
> so, I suggest temporarily disabling the spark integration module till it got solved and available in Maven repository.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)