Ray Donnelly created SPARK-24229: ------------------------------------ Summary: Upgrade to the latest Apache Thrift 0.10.0 release Key: SPARK-24229 URL: https://issues.apache.org/jira/browse/SPARK-24229 Project: Spark Issue Type: Bug Components: Java API Affects Versions: 2.3.0 Reporter: Ray Donnelly
According to [https://www.cvedetails.com/cve/CVE-2016-5397/] .. there are critical vulnerabilities in libthrift 0.9.3 currently vendored in Apache Spark (and then, for us, into PySpark). Can anyone help to assess the seriousness of this and what should be done about it? -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org