Probably a few months between maintenance releases. It does not appear to affect Spark, however.
On Thu, Oct 27, 2022 at 9:24 AM Pastrana, Rodrigo (RIS-BCT) <rodrigo.pastr...@lexisnexisrisk.com.invalid> wrote: > Hello, > > This issue (SPARK-40801) > <https://issues.apache.org/jira/browse/SPARK-40801> which addresses > CVE-2022-42889 doesn’t seem to have been included in the latest release ( > 3.3.1 <https://spark.apache.org/releases/spark-release-3-3-1.html>). > > Is there a way to estimate a timeline for the first release which includes > that change (likely 3.3.2)? Much appreciation! > > ------------------------------ > The information contained in this e-mail message is intended only for the > personal and confidential use of the recipient(s) named above. This message > may be an attorney-client communication and/or work product and as such is > privileged and confidential. If the reader of this message is not the > intended recipient or an agent responsible for delivering it to the > intended recipient, you are hereby notified that you have received this > document in error and that any review, dissemination, distribution, or > copying of this message is strictly prohibited. If you have received this > communication in error, please notify us immediately by e-mail, and delete > the original message. >
