[
https://issues.apache.org/jira/browse/SPARK-39969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17577389#comment-17577389
]
Steve Loughran commented on SPARK-39969:
----------------------------------------
there's an AWS SDK CVE which is fixed with HADOOP-18344; the s3a code and the
spark kinesis module aren't vulnerable to it, but people will be complaining
anyway
> Spark AWS SDK and kinesis dependencies lagging hadoop-aws and s3a
> -----------------------------------------------------------------
>
> Key: SPARK-39969
> URL: https://issues.apache.org/jira/browse/SPARK-39969
> Project: Spark
> Issue Type: Improvement
> Components: Build
> Affects Versions: 3.4.0
> Reporter: Steve Loughran
> Priority: Minor
>
> The AWS SDK and matching kinesis versions are now a few iterations behind
> what is shipping in hadoop 3.3.x. ( see HADOOP-18068 and HADOOP-18344)
> * this updates dependencies/bundling of jackson and httpclient
> * no problems upgrading other than some test regressions
> catching up would be good, as it means that recent s3a releases are not
> qualified with the AWS SDK release spark is pulling in -and if there is any
> problem. it'll be a spark team issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
