Re: Spark Vulnerabilities

2023-08-14 Thread Cheng Pan
For the Guava case, you may be interested in 
https://github.com/apache/spark/pull/42493

Thanks,
Cheng Pan


> On Aug 14, 2023, at 16:50, Sankavi Nagalingam wrote:
> 
> Hi Team,
>  We could see there are many dependent vulnerabilities present in the latest 
> spark-core:3.4.1.jar. PFA
> Could you please let us know when the fix version will be available for the 
> users?
>  Thanks,
> Sankavi
>  
> The information in this e-mail and any attachments is confidential and may be 
> legally privileged. It is intended solely for the addressee or addressees. 
> Any use or disclosure of the contents of this e-mail/attachments by a not 
> intended recipient is unauthorized and may be unlawful. If you have received 
> this e-mail in error please notify the sender. Please note that any views or 
> opinions presented in this e-mail are solely those of the author and do not 
> necessarily represent those of TEMENOS. We recommend that you check this 
> e-mail and any attachments against viruses. TEMENOS accepts no liability for 
> any damage caused by any malicious code or virus transmitted by this e-mail.

Spark-3.4.1-Vulnerablities.xlsx
Description: MS-Excel 2007 spreadsheet
> 
> -
> To unsubscribe e-mail: user-unsubscr...@spark.apache.org





Re: Spark Vulnerabilities

2023-08-14 Thread Sean Owen
Yeah, we generally don't respond to "look at the output of my static
analyzer".
Some of these are already addressed in a later version.
Some don't affect Spark.
Some are possibly an issue but hard to change without breaking lots of
things - they are really issues with upstream dependencies.

But for any you find that seem possibly relevant, that are directly
fixable, yes please open a PR with the change and your reasoning.

On Mon, Aug 14, 2023 at 7:42 AM Bjørn Jørgensen wrote:

> I have added links to the github PR. Or comment for those that I have not
> seen before.
>
> Apache Spark has very many dependencies, some can easily be upgraded while
> others are very hard to fix.
>
> Please feel free to open a PR if you wanna help.
>
> On Mon, 14 Aug 2023 at 14:06, Sankavi Nagalingam wrote:
>
>> Hi Team,
>>
>>
>>
>> We could see there are many dependent vulnerabilities present in the
>> latest spark-core:3.4.1.jar. PFA
>>
>> Could you please let us know when the fix version will be available for
>> the users?
>>
>>
>>
>> Thanks,
>>
>> Sankavi
>>
>>
>>
>>
>
>
> --
> Bjørn Jørgensen
> Vestre Aspehaug 4, 6010 Ålesund
> Norge
>
> +47 480 94 297
>


Re: Spark Vulnerabilities

2023-08-14 Thread Bjørn Jørgensen
I have added links to the github PR. Or comment for those that I have not
seen before.

Apache Spark has very many dependencies, some can easily be upgraded while
others are very hard to fix.

Please feel free to open a PR if you wanna help.

On Mon, 14 Aug 2023 at 14:06, Sankavi Nagalingam wrote:

> Hi Team,
>
>
>
> We could see there are many dependent vulnerabilities present in the
> latest spark-core:3.4.1.jar. PFA
>
> Could you please let us know when the fix version will be available for
> the users?
>
>
>
> Thanks,
>
> Sankavi
>
>
>
>


-- 
Bjørn Jørgensen
Vestre Aspehaug 4, 6010 Ålesund
Norge

+47 480 94 297


Spark-3.4.1-Vulnerablities.xlsx
Description: MS-Excel 2007 spreadsheet


Spark Vulnerabilities

2023-08-14 Thread Sankavi Nagalingam
Hi Team,

We could see there are many dependent vulnerabilities present in the latest 
spark-core:3.4.1.jar. PFA
Could you please let us know when the fix version will be available for the 
users?

Thanks,
Sankavi




Spark-3.4.1-Vulnerablities.xlsx
Description: Spark-3.4.1-Vulnerablities.xlsx
