[spark-website] branch asf-site updated: CVE version update

Mon, 03 Oct 2022 10:25:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/spark-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 20f272012 CVE version update
20f272012 is described below

commit 20f2720126be7a5ecea244fa7ff977a995ed2a8c
Author: Sean Owen <sro...@gmail.com>
AuthorDate: Mon Oct 3 12:25:05 2022 -0500

    CVE version update
    
    See mailing list discussion. The idea is to give a 'resolved by' version 
for older CVEs that are advice or affected only the build.
    
    Author: Sean Owen <sro...@gmail.com>
    
    Closes #414 from srowen/CVEVersionUpdate.
---
 security.md        | 6 ++++--
 site/security.html | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/security.md b/security.md
index 0fb077b05..a4b470cd6 100644
--- a/security.md
+++ b/security.md
@@ -200,7 +200,9 @@ Vendor: The Apache Software Foundation
 
 Versions Affected
 
-- 1.3.x release branch and later
+- 2.1.x release branch and earlier
+- 2.2.x release branch before Spark 2.2.3
+- 2.3.x release branch before Spark 2.3.3
 
 Description:
 
@@ -232,7 +234,7 @@ Vendor: The Apache Software Foundation
 
 Versions Affected:
 
-- Spark versions from 1.3.0, running standalone master with REST API enabled, 
or running Mesos master with cluster mode enabled
+- Spark versions from 1.3.0, running standalone master with REST API enabled, 
or running Mesos master with cluster mode enabled; suggested mitigations 
resolved the issue as of Spark 2.4.0.
 
 Description:
 
diff --git a/site/security.html b/site/security.html
index d750bd0c0..369af400a 100644
--- a/site/security.html
+++ b/site/security.html
@@ -341,7 +341,9 @@ and related security properties described at 
https://spark.apache.org/docs/lates
 <p>Versions Affected</p>
 
 <ul>
-  <li>1.3.x release branch and later</li>
+  <li>2.1.x release branch and earlier</li>
+  <li>2.2.x release branch before Spark 2.2.3</li>
+  <li>2.3.x release branch before Spark 2.3.3</li>
 </ul>
 
 <p>Description:</p>
@@ -378,7 +380,7 @@ source code.</p>
 <p>Versions Affected:</p>
 
 <ul>
-  <li>Spark versions from 1.3.0, running standalone master with REST API 
enabled, or running Mesos master with cluster mode enabled</li>
+  <li>Spark versions from 1.3.0, running standalone master with REST API 
enabled, or running Mesos master with cluster mode enabled; suggested 
mitigations resolved the issue as of Spark 2.4.0.</li>
 </ul>
 
 <p>Description:</p>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org

Reply via email to