[ https://issues.apache.org/jira/browse/SPARK-44212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17737755#comment-17737755 ]
Kazuaki Ishizaki commented on SPARK-44212: ------------------------------------------ [https://github.com/apache/spark/pull/41681#pullrequestreview-1496876723|http://example.com] is discussing the upgrade of netty. > Upgrade netty dependencies to 4.1.94.Final due to CVE-2023-34462 > ---------------------------------------------------------------- > > Key: SPARK-44212 > URL: https://issues.apache.org/jira/browse/SPARK-44212 > Project: Spark > Issue Type: Bug > Components: Spark Core > Affects Versions: 1.4.1 > Reporter: Raúl Cumplido > Priority: Major > > Hi, > On the Apache Arrow project we have noticed that our nightly integration > tests with spark started failing lately. With some investigation I've noticed > that we are defining a different version of the Java netty dependencies. We > upgraded to 4.1.94.Final due to the CVE on the title: > [https://github.com/advisories/GHSA-6mjq-h674-j845] > Our PR upgrading the version: [https://github.com/apache/arrow/issues/36209] > I have opened an issue on the Apache Arrow repository to try and fix > something else on our side but I was wondering if you would want to update > the version to solve the CVE. > > Thanks > Raúl -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org