RE: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-15 Thread haibo.w...@morganstanley.com
: Sean Owen
Sent: Wednesday, December 14, 2022 10:27 PM
To: Wang, Harper (FRPPE)
Cc: user@spark.apache.org
Subject: Re: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl
The CVE you mention seems to affect jackson-databind, not jackson-mapper-asl. 3.3.1 already uses databind 2.13.x

Re: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-15 Thread Sean Owen
Regards > > Harper > > > > *From:* Sean Owen > *Sent:* Wednesday, December 14, 2022 10:27 PM > *To:* Wang, Harper (FRPPE) > *Cc:* user@spark.apache.org > *Subject:* Re: [EXTERNAL] Re: [Spark vulnerability] replace > jackson-mapper-asl > > > > The CVE y

Re: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread Sean Owen
78a3a34c28fc15e898307e458d501a7e11d6d51?context=explore > > https://pypi.org/project/pyspark/ > > > > Regards > > Harper > > > > > > *From:* Sean Owen > *Sent:* Wednesday, December 14, 2022 9:32 PM > *To:* Wang, Harper (FRPPE) > *Cc:* user@spa

RE: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread haibo.w...@morganstanley.com
-0d4fd8bcb2ad63a35c9ba5be278a3a34c28fc15e898307e458d501a7e11d6d51?context=explore https://pypi.org/project/pyspark/ Regards Harper From: Sean Owen Sent: Wednesday, December 14, 2022 9:32 PM To: Wang, Harper (FRPPE) Cc: user@spark.apache.org Subject: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl What Spark

Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread Sean Owen
What Spark version are you referring to? If it's an unsupported version, no, no plans to update it. What image are you referring to?
On Wed, Dec 14, 2022 at 7:14 AM haibo.w...@morganstanley.com <haibo.w...@morganstanley.com> wrote:
> Hi All
>
> Hope you are doing well.
>
> Writing this

[Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread haibo.w...@morganstanley.com
Hi All Hope you are doing well. Writing this email for a vulnerable issue: CVE-2018-14721 apache/spark-py: gav://org.codehaus.jackson:jackson-mapper-asl:1.9.13,CVE-2018-14721,1.8.10-cloudera.2,1.5.0 <= Version <= 1.9.13 We are trying to bring in the above image into our firm, but due to the