[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16473889#comment-16473889 ] Ruslan Fialkovsky commented on SPARK-20922: --- Thanks for clarification. > Unsafe

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16472393#comment-16472393 ] Marcelo Vanzin commented on SPARK-20922: You should also be able to use just the spark-launcher

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16472231#comment-16472231 ] Marcelo Vanzin commented on SPARK-20922: I think Spark 1.6 at this point is considered EOL by the

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16471600#comment-16471600 ] Ruslan Fialkovsky commented on SPARK-20922: --- I can't update Spark to 2.2. Will you make fix

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389907#comment-16389907 ] Marcelo Vanzin commented on SPARK-20922: You remediate it by upgrading to a version with the fix

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389809#comment-16389809 ] Patrick John Esteban commented on SPARK-20922: -- Hi Guys, I'm new to this vulnerability. Can

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16154075#comment-16154075 ] Sean Owen commented on SPARK-20922: --- This came up again today and our security folks also suggested

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112602#comment-16112602 ] Sean Owen commented on SPARK-20922: --- If you'd email a suggested CVE description to

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112600#comment-16112600 ] Aditya Sharad commented on SPARK-20922: --- Apologies for the delay in getting back to you. I believe

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16036628#comment-16036628 ] Sean Owen commented on SPARK-20922: --- This is already publicly disclosed, which isn't a big deal because

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16036543#comment-16036543 ] Aditya Sharad commented on SPARK-20922: --- I appreciate your quick response to this issue. I believe

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16033877#comment-16033877 ] Apache Spark commented on SPARK-20922: -- User 'vanzin' has created a pull request for this issue:

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16031594#comment-16031594 ] Apache Spark commented on SPARK-20922: -- User 'vanzin' has created a pull request for this issue:

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16029693#comment-16029693 ] Marcelo Vanzin commented on SPARK-20922: Yeah, it's not as simple to exploit, but I guess we'll

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16029455#comment-16029455 ] Aditya Sharad commented on SPARK-20922: --- Yes, this is different from SPARK-11652, which focused on

[jira] [Commented] (SPARK-20922) Unsafe deserialization in Spark LauncherConnection

[ https://issues.apache.org/jira/browse/SPARK-20922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16029344#comment-16029344 ] Sean Owen commented on SPARK-20922: --- This is not the same as