Hi Folks,

I observed that in the Spark 2.2.x version we are using the NimbusDS JOSE JWT jar version 3.9, but I saw that a few vulnerabilities have been reported for this particular jar version. Please refer to the details below:

https://nvd.nist.gov/vuln/detail/CVE-2017-12973
https://www.cvedetails.com/cve/CVE-2017-12972/

As per the details, this vulnerability has been detected in jars prior to 4.39, and we are planning to upgrade this jar. Just wanted to know: is there any reason why this jar has not been upgraded in the community release, as it contains vulnerabilities? Appreciate your suggestions.

Thanks,
Sujith