RE: Re: Spark Vulnerabilities

2023-08-18 Thread Sankavi Nagalingam
s back.

Thanks,
Sankavi

From: Bjørn Jørgensen
Sent: Monday, August 14, 2023 6:11 PM
To: Sankavi Nagalingam
Cc: user@spark.apache.org; Vijaya Kumar Mathupaiyan
Subject: [EXT MSG] Re: Spark Vulnerabilities

I have added links to the git

Re: Spark Vulnerabilities

2023-08-14 Thread Cheng Pan
For the Guava case, you may be interested in https://github.com/apache/spark/pull/42493

Thanks,
Cheng Pan

> On Aug 14, 2023, at 16:50, Sankavi Nagalingam wrote:
>
> Hi Team,
> We could see there are many dependent vulnerabilities present in the latest spark-core:3.4.1.jar. PFA
> Could

Re: Spark Vulnerabilities

2023-08-14 Thread Sean Owen
Yeah, we generally don't respond to "look at the output of my static analyzer". Some of these are already addressed in a later version. Some don't affect Spark. Some are possibly an issue but hard to change without breaking lots of things - they are really issues with upstream dependencies. But

Re: Spark Vulnerabilities

2023-08-14 Thread Bjørn Jørgensen
I have added links to the GitHub PR. Or comment for those that I have not seen before. Apache Spark has very many dependencies, some can easily be upgraded while others are very hard to fix. Please feel free to open a PR if you wanna help.

On Mon, 14 Aug 2023 at 14:06, Sankavi Nagalingam wrote:

Spark Vulnerabilities

2023-08-14 Thread Sankavi Nagalingam
Hi Team,

We could see there are many dependent vulnerabilities present in the latest spark-core:3.4.1.jar. PFA

Could you please let us know when the fix version will be available for the users.

Thanks,
Sankavi