The release vote has already closed and passed. Derby is only used in tests AFAIK, so I don't think this is even critical let alone a blocker. Updating is fine though, open a PR.
On Tue, Jul 26, 2016 at 3:37 PM, Stephen Hellberg <hell...@uk.ibm.com> wrote: > -1 Sorry, I've just noted that the RC5 proposal includes shipping Derby @ > 10.11.1.1 which is vulnerable to CVE: 2015-1832. > It would be ideal if we could instead ship 10.12.1.1 real soon. > > > > -- > View this message in context: > http://apache-spark-developers-list.1001551.n3.nabble.com/VOTE-Release-Apache-Spark-2-0-0-RC5-tp18367p18465.html > Sent from the Apache Spark Developers List mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe e-mail: dev-unsubscr...@spark.apache.org > --------------------------------------------------------------------- To unsubscribe e-mail: dev-unsubscr...@spark.apache.org