[
https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bjørn Jørgensen updated SPARK-38262:
------------------------------------
Description:
This is duplicated many times like in
[SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502]
Apache Spark is using com.google.guava:guava version 14.0.1 which has two
security issues.
[CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237]
[CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908]
We should upgrade to [version
30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre]
was:
Apache Spark is using com.google.guava:guava version 14.0.1 which has two
security issues.
[CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237]
[CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908]
We should upgrade to [version
30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre]
> Upgrade Google guava to version 30.0-jre
> ----------------------------------------
>
> Key: SPARK-38262
> URL: https://issues.apache.org/jira/browse/SPARK-38262
> Project: Spark
> Issue Type: Bug
> Components: Build
> Affects Versions: 3.3.0
> Reporter: Bjørn Jørgensen
> Priority: Major
>
> This is duplicated many times like in
> [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502]
> Apache Spark is using com.google.guava:guava version 14.0.1 which has two
> security issues.
> [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237]
> [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908]
> We should upgrade to [version
> 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
