building spark. I think it is
>>> being downloaded as part of some other dependency.
>>>
>>>
>>>
>>> *From:* Sean Owen
>>> *Sent:* Thursday, August 31, 2023 5:10 PM
>>> *To:* Agrawal, Sanket
>>> *Cc:* user@spark.apache.org
>>>
t;
>>
>> *From:* Sean Owen
>> *Sent:* Thursday, August 31, 2023 5:10 PM
>> *To:* Agrawal, Sanket
>> *Cc:* user@spark.apache.org
>> *Subject:* [EXT] Re: Okio Vulnerability in Spark 3.4.1
>>
>>
>>
>> Does the vulnerability affect Spark?
>>
>&g
. I think it is being
> downloaded as part of some other dependency.
>
>
>
> *From:* Sean Owen
> *Sent:* Thursday, August 31, 2023 5:10 PM
> *To:* Agrawal, Sanket
> *Cc:* user@spark.apache.org
> *Subject:* [EXT] Re: Okio Vulnerability in Spark 3.4.1
>
>
>
>
f some other dependency.
>
>
>
> *From:* Sean Owen
> *Sent:* Thursday, August 31, 2023 5:10 PM
> *To:* Agrawal, Sanket
> *Cc:* user@spark.apache.org
> *Subject:* [EXT] Re: Okio Vulnerability in Spark 3.4.1
>
>
>
> Does the vulnerability affect Spark?
>
I don’t see an entry in pom.xml while building spark. I think it is being
downloaded as part of some other dependency.
From: Sean Owen
Sent: Thursday, August 31, 2023 5:10 PM
To: Agrawal, Sanket
Cc: user@spark.apache.org
Subject: [EXT] Re: Okio Vulnerability in Spark 3.4.1
Does
Does the vulnerability affect Spark?
In any event, have you tried updating Okio in the Spark build? I don't
believe you could just replace the JAR, as other libraries probably rely on
it and compiled against the current version.
On Thu, Aug 31, 2023 at 6:02 AM Agrawal, Sanket
wrote:
> Hi All,
>
