[jira] [Commented] (SPARK-24229) Upgrade to the latest Apache Thrift 0.10.0 release

Ray Donnelly (JIRA) Sun, 13 May 2018 11:21:44 -0700

    [ 
https://issues.apache.org/jira/browse/SPARK-24229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16473595#comment-16473595
 ]


Ray Donnelly commented on SPARK-24229:
--------------------------------------

Ok I'll need to figure out how to test it then. Thanks for the help.

> Upgrade to the latest Apache Thrift 0.10.0 release
> --------------------------------------------------
>
>                 Key: SPARK-24229
>                 URL: https://issues.apache.org/jira/browse/SPARK-24229
>             Project: Spark
>          Issue Type: Bug
>          Components: Java API
>    Affects Versions: 2.3.0
>            Reporter: Ray Donnelly
>            Priority: Critical
>
> According to [https://www.cvedetails.com/cve/CVE-2016-5397/]
>  
> .. there are critical vulnerabilities in libthrift 0.9.3 currently vendored 
> in Apache Spark (and then, for us, into PySpark).
>  
> Can anyone help to assess the seriousness of this and what should be done 
> about it?
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Commented] (SPARK-24229) Upgrade to the latest Apache Thrift 0.10.0 release

Reply via email to