[ https://issues.apache.org/jira/browse/SPARK-24229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16682137#comment-16682137 ]
Dongjoon Hyun edited comment on SPARK-24229 at 11/10/18 1:40 AM: ----------------------------------------------------------------- I also agree with [~vanzin] 's opinion. Since this is open, [~Fokko] already made a PR to this. I'll close this for now to save Apache Spark community effort. Please reopen this with a reproducible test case. was (Author: dongjoon): I also agree with [~vanzin] 's opinion. Since this is open, [~Fokko] already made a PR to this. I'll close this for now. Please reopen this with a reproducible test case. > Upgrade to the latest Apache Thrift 0.10.0 release > -------------------------------------------------- > > Key: SPARK-24229 > URL: https://issues.apache.org/jira/browse/SPARK-24229 > Project: Spark > Issue Type: Bug > Components: Java API > Affects Versions: 2.3.0 > Reporter: Ray Donnelly > Priority: Critical > > According to [https://www.cvedetails.com/cve/CVE-2016-5397/] > > .. there are critical vulnerabilities in libthrift 0.9.3 currently vendored > in Apache Spark (and then, for us, into PySpark). > > Can anyone help to assess the seriousness of this and what should be done > about it? > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org