[
https://issues.apache.org/jira/browse/SPARK-44212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17737755#comment-17737755
]
Kazuaki Ishizaki commented on SPARK-44212:
------------------------------------------
[https://github.com/apache/spark/pull/41681#pullrequestreview-1496876723|http://example.com]
is discussing the upgrade of netty.
> Upgrade netty dependencies to 4.1.94.Final due to CVE-2023-34462
> ----------------------------------------------------------------
>
> Key: SPARK-44212
> URL: https://issues.apache.org/jira/browse/SPARK-44212
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 1.4.1
> Reporter: Raúl Cumplido
> Priority: Major
>
> Hi,
> On the Apache Arrow project we have noticed that our nightly integration
> tests with spark started failing lately. With some investigation I've noticed
> that we are defining a different version of the Java netty dependencies. We
> upgraded to 4.1.94.Final due to the CVE on the title:
> [https://github.com/advisories/GHSA-6mjq-h674-j845]
> Our PR upgrading the version: [https://github.com/apache/arrow/issues/36209]
> I have opened an issue on the Apache Arrow repository to try and fix
> something else on our side but I was wondering if you would want to update
> the version to solve the CVE.
>
> Thanks
> Raúl
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
