[
https://issues.apache.org/jira/browse/SPARK-35054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17337161#comment-17337161
]
Shashank Jain commented on SPARK-35054:
---------------------------------------
hi [~dongjoon] / [~hyukjin.kwon] can you please point out openjdk version which
is currently been used for spark 3.0.0 build which doesnt have any
vulnerability, So that we can use the same for our build purpose as well.
Would really appreciate if you point out to that build which it is been
checkedin.
> Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
> -------------------------------------------------------------------
>
> Key: SPARK-35054
> URL: https://issues.apache.org/jira/browse/SPARK-35054
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Shashank Jain
> Priority: Major
> Attachments: spark_docker.rtf
>
>
> Currently while running Trivy Scan on Spark build we are getting the
> following critical vulnerability
> CVE-2021-20231
> CVE-2021-20232
> How to fix these vulnerabilities in spark 3.0.0 branch ?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
