[ https://issues.apache.org/jira/browse/SPARK-28255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16879730#comment-16879730 ]

Dongjoon Hyun commented on SPARK-28255:
---------------------------------------

Could you provide how to verify the vulnerabilities, [~bozho]?
And, what is the alternative for Py4J? py4j-0.10.8.1 is the latest one. If there is no update from Py4J, this issue might be invalid.

> Upgrade dependencies with vulnerabilities
> -----------------------------------------
>
> Key: SPARK-28255
> URL: https://issues.apache.org/jira/browse/SPARK-28255
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Bozhidar Bozhanov
> Priority: Major
>
> There are severe vulnerabilities in two dependencies:
>
> [ERROR] hadoop-mapreduce-client-core-2.7.3.jar: CVE-2018-8029, CVE-2016-6811
> [ERROR] py4j-0.10.8.1.jar: CVE-2016-5636, CVE-2008-1887