[
https://issues.apache.org/jira/browse/SPARK-38061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17486826#comment-17486826
]
Hyukjin Kwon commented on SPARK-38061:
--------------------------------------
[~sujitbiswas], Firstly, your report does not only include
htrace-core4-4.1.0-incubating but also other dependencies. Secondly, this JIRA
title targets Jackson which is resolved in SPARK-35550. Lastly which dependency
upgrade has to be triaged and tracked because some of them have to be
backported if possible. Some might not be, for example, like Log4J upgrade.
So, please either create a new ticket or update this JIRA ticket.
> security scan issue with htrace-core4-4.1.0-incubating
> ------------------------------------------------------
>
> Key: SPARK-38061
> URL: https://issues.apache.org/jira/browse/SPARK-38061
> Project: Spark
> Issue Type: Bug
> Components: Kubernetes, Security
> Affects Versions: 3.2.0, 3.2.1
> Reporter: Sujit Biswas
> Priority: Major
> Attachments: image-2022-02-03-08-02-29-071.png,
> scan-security-report-spark-3.2.0-jre-11.csv,
> scan-security-report-spark-3.2.1-jre-11.csv
>
>
> Hi,
> running into security scan issue with docker image built on
> spark-3.2.0-bin-hadoop3.2, is there a way to resolve
>
> most issues related to https://issues.apache.org/jira/browse/HDFS-15333
> attaching the CVE report
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
