[ https://issues.apache.org/jira/browse/SPARK-38061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489537#comment-17489537 ]
Abhinav Kumar commented on SPARK-38061:
---------------------------------------

[~hyukjin.kwon] [~sujitbiswas] Are we agreeing to track the vulnerability fix for htrace-core4-4.1.0-incubating (building it with jackson 2.12.3 or later)? BTW, even 2.12.3 is showing up with a medium criticality vulnerability - but that is a battle for another day.

Also, [~hyukjin.kwon] I was hoping to see if we can release another version of Spark, say 3.2.3, with vulnerability fixes. The issue is that we are using Spark in our company and management is getting concerned due to these vulnerabilities. What do you think?

> security scan issue with htrace-core4-4.1.0-incubating
> ------------------------------------------------------
>
> Key: SPARK-38061
> URL: https://issues.apache.org/jira/browse/SPARK-38061
> Project: Spark
> Issue Type: Bug
> Components: Kubernetes, Security
> Affects Versions: 3.2.0, 3.2.1
> Reporter: Sujit Biswas
> Priority: Major
> Attachments: image-2022-02-03-08-02-29-071.png,
> scan-security-report-spark-3.2.0-jre-11.csv,
> scan-security-report-spark-3.2.1-jre-11.csv
>
>
> Hi,
> running into security scan issue with docker image built on
> spark-3.2.0-bin-hadoop3.2, is there a way to resolve
>
> most issues related to https://issues.apache.org/jira/browse/HDFS-15333
> attaching the CVE report
>

--
This message was sent by Atlassian Jira (v8.20.1#820001)