[ 
https://issues.apache.org/jira/browse/SPARK-22634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16572542#comment-16572542
 ] 

Saisai Shao commented on SPARK-22634:
-------------------------------------

[~srowen] I'm wondering if it is possible to upgrade to version 1.6.0, as this 
version fixed two CVEs (https://www.bouncycastle.org/latest_releases.html).

> Update Bouncy castle dependency
> -------------------------------
>
>                 Key: SPARK-22634
>                 URL: https://issues.apache.org/jira/browse/SPARK-22634
>             Project: Spark
>          Issue Type: Task
>          Components: Spark Core, SQL, Structured Streaming
>    Affects Versions: 2.2.0
>            Reporter: Lior Regev
>            Assignee: Sean Owen
>            Priority: Minor
>             Fix For: 2.3.0
>
>
> Spark's usage of jets3t library as well as Spark's own Flume and Kafka 
> streaming uses bouncy castle version 1.51
> This is an outdated version as the latest one is 1.58
> This, in turn renders packages such as 
> [spark-hadoopcryptoledger-ds|https://github.com/ZuInnoTe/spark-hadoopcryptoledger-ds]
>  unusable since these require 1.58 and spark's distributions come along with 
> 1.51
> My own attempt was to run on EMR, and since I automatically get all of 
> spark's dependencies (bouncy castle 1.51 being one of them) into the 
> classpath, using the library to parse blockchain data failed due to missing 
> functionality.
> I have also opened an 
> [issue|https://bitbucket.org/jmurty/jets3t/issues/242/bouncycastle-dependency]
>  with jets3t to update their dependency as well, but along with that Spark 
> would have to update its own or at least be packaged with a newer version


