CVE-2022-33891 mitigation

Mon, 21 Nov 2022 12:38:05 -0800 

I am using Spark 2.3.0 and trying to mitigate 
https://nvd.nist.gov/vuln/detail/CVE-2022-33891. The correct thing to do is to 
update. However, I am told this is not happening. Thus, I am trying to 
determine if the following are set:

spark.acls.enable false
spark.history.ui.acls.enable false

These are 100% set in the config. I checked the config for weird whitespace 
issues in a hex editor. Nonetheless, the config does not show up in the UI. 
Thus, I took a heap dump. If I read the heap dump in text mode I can see this:

V is abstract���spark.acls.enable1�0invalid end of optional part at position

I am not able to find this in VisualVM or MAT to determine what that is set to. 
Any thoughts?


Andrew Pomponio | Associate Enterprise Architect, 
OpenLogic<https://www.openlogic.com/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link>
Perforce 
Software<http://www.perforce.com/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>
P: +1 612.517.2100 <tel:>
Visit us on: 
LinkedIn<https://www.linkedin.com/company/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>
 | 
Twitter<https://twitter.com/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>
 | 
Facebook<https://www.facebook.com/perforce/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>
 | 
YouTube<https://www.youtube.com/user/perforcesoftware?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>

Use our new Community portal to submit/track support 
cases!<https://www.perforce.com/support/community-portal-faq?utm_source=sales-signature&utm_medium=email&utm_campaign=community-portal-faq&utm_content=resource?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>



This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.

Reply via email to