Re: CVEs

out. Thanks, Eric On Mon, Jun 21, 2021 at 5:45 PM Eric Richardson wrote: > Ok, that sounds like a plan. I will gather what I found and either reach > out on the security channel and/or try and upgrade with a pull request. > > Thanks for pointing me in the right direction. > &

Re: CVEs

>> a valid vulnerability the best path forward is likely reaching out to >> private@ to figure out how to do a security release. >> >> On Mon, Jun 21, 2021 at 4:42 PM Eric Richardson >> wrote: >> >>> Thanks for the quick reply. Yes, since it is included in t

Re: CVEs

. > > If someone had a legit view that this is potentially more serious I think > we could _probably backport that update, but Jackson can be a little bit > tricky with compatibility IIRC so would just bear some testing. > > > On Mon, Jun 21, 2021 at 5:27 PM Eric Richardson

CVEs

Hi, I am working with Spark 3.1.2 and getting several vulnerabilities popping up. I am wondering if the Spark distros are scanned etc. and how people resolve these. For example. I am finding - https://nvd.nist.gov/vuln/detail/CVE-2020-25649 This looks like it is fixed in 2.11.0 -

unsubscribe

unsubscribe

Re: sbt for Spark build with Scala 2.11

I believe that is the case. > > Jenkins jobs have been running against Scala 2.11: > > [INFO] --- scala-maven-plugin:3.2.2:testCompile (scala-test-compile-first) @ > java8-tests_2.11 --- > > > FYI > > > On Mon, May 16, 2016 at 2:45 PM, Eric Richardson <ekrichard...@gmail.co

Re: sbt for Spark build with Scala 2.11

On Thu, May 12, 2016 at 9:23 PM, Luciano Resende wrote: > Spark has moved to build using Scala 2.11 by default in master/trunk. > Does this mean that the pre-built binaries for download will also move to 2.11 as well? > > > As for the 2.0.0-SNAPSHOT, it is actually the