Re: Okio Vulnerability in Spark 3.4.1

2024-01-11 Thread Bjørn Jørgensen
building spark. I think it is >>> being downloaded as part of some other dependency. >>> >>> >>> >>> *From:* Sean Owen >>> *Sent:* Thursday, August 31, 2023 5:10 PM >>> *To:* Agrawal, Sanket >>> *Cc:* user@spark.apache.org >>>

Re: Okio Vulnerability in Spark 3.4.1

2023-11-14 Thread Bjørn Jørgensen
> >> >> *From:* Sean Owen >> *Sent:* Thursday, August 31, 2023 5:10 PM >> *To:* Agrawal, Sanket >> *Cc:* user@spark.apache.org >> *Subject:* [EXT] Re: Okio Vulnerability in Spark 3.4.1 >> >> >> >> Does the vulnerability affect Spark? >> >>

Re: Okio Vulnerability in Spark 3.4.1

2023-08-31 Thread Bjørn Jørgensen
. I think it is being > downloaded as part of some other dependency. > > > > *From:* Sean Owen > *Sent:* Thursday, August 31, 2023 5:10 PM > *To:* Agrawal, Sanket > *Cc:* user@spark.apache.org > *Subject:* [EXT] Re: Okio Vulnerability in Spark 3.4.1 > > > >

Re: Okio Vulnerability in Spark 3.4.1

2023-08-31 Thread Sean Owen
f some other dependency. > > > > *From:* Sean Owen > *Sent:* Thursday, August 31, 2023 5:10 PM > *To:* Agrawal, Sanket > *Cc:* user@spark.apache.org > *Subject:* [EXT] Re: Okio Vulnerability in Spark 3.4.1 > > > > Does the vulnerability affect Spark? >

RE: Okio Vulnerability in Spark 3.4.1

2023-08-31 Thread Agrawal, Sanket
I don’t see an entry in pom.xml while building spark. I think it is being downloaded as part of some other dependency. From: Sean Owen Sent: Thursday, August 31, 2023 5:10 PM To: Agrawal, Sanket Cc: user@spark.apache.org Subject: [EXT] Re: Okio Vulnerability in Spark 3.4.1 Does

Re: Okio Vulnerability in Spark 3.4.1

2023-08-31 Thread Sean Owen
Does the vulnerability affect Spark? In any event, have you tried updating Okio in the Spark build? I don't believe you could just replace the JAR, as other libraries probably rely on it and compiled against the current version. On Thu, Aug 31, 2023 at 6:02 AM Agrawal, Sanket wrote: > Hi All, >

Okio Vulnerability in Spark 3.4.1

2023-08-31 Thread Agrawal, Sanket
Hi All, Amazon Inspector has detected a vulnerability in the okio-1.15.0.jar JAR in Spark 3.4.1. It suggests upgrading the JAR version to 3.4.0. But when we try this version of the JAR, the Spark application fails with the error below: py4j.protocol.Py4JJavaError: An error occurred while calling