This is an automated email from the ASF dual-hosted git repository. srowen pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/spark-website.git
The following commit(s) were added to refs/heads/asf-site by this push: new 20f272012 CVE version update 20f272012 is described below commit 20f2720126be7a5ecea244fa7ff977a995ed2a8c Author: Sean Owen <sro...@gmail.com> AuthorDate: Mon Oct 3 12:25:05 2022 -0500 CVE version update See mailing list discussion. The idea is to give a 'resolved by' version for older CVEs that are advice or affected only the build. Author: Sean Owen <sro...@gmail.com> Closes #414 from srowen/CVEVersionUpdate. --- security.md | 6 ++++-- site/security.html | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/security.md b/security.md index 0fb077b05..a4b470cd6 100644 --- a/security.md +++ b/security.md @@ -200,7 +200,9 @@ Vendor: The Apache Software Foundation Versions Affected -- 1.3.x release branch and later +- 2.1.x release branch and earlier +- 2.2.x release branch before Spark 2.2.3 +- 2.3.x release branch before Spark 2.3.3 Description: @@ -232,7 +234,7 @@ Vendor: The Apache Software Foundation Versions Affected: -- Spark versions from 1.3.0, running standalone master with REST API enabled, or running Mesos master with cluster mode enabled +- Spark versions from 1.3.0, running standalone master with REST API enabled, or running Mesos master with cluster mode enabled; suggested mitigations resolved the issue as of Spark 2.4.0. Description: diff --git a/site/security.html b/site/security.html index d750bd0c0..369af400a 100644 --- a/site/security.html +++ b/site/security.html @@ -341,7 +341,9 @@ and related security properties described at https://spark.apache.org/docs/lates <p>Versions Affected</p> <ul> - <li>1.3.x release branch and later</li> + <li>2.1.x release branch and earlier</li> + <li>2.2.x release branch before Spark 2.2.3</li> + <li>2.3.x release branch before Spark 2.3.3</li> </ul> <p>Description:</p> @@ -378,7 +380,7 @@ source code.</p> <p>Versions Affected:</p> <ul> - <li>Spark versions from 1.3.0, running standalone master with REST API enabled, or running Mesos master with cluster mode enabled</li> + <li>Spark versions from 1.3.0, running standalone master with REST API enabled, or running Mesos master with cluster mode enabled; suggested mitigations resolved the issue as of Spark 2.4.0.</li> </ul> <p>Description:</p> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org