Jason Tan created SPARK-40126: --------------------------------- Summary: Security scanning spark v3.3.0 results in DSA-5169-1 critical vulnerability Key: SPARK-40126 URL: https://issues.apache.org/jira/browse/SPARK-40126 Project: Spark Issue Type: Dependency upgrade Components: Build Affects Versions: 3.3.0 Reporter: Jason Tan
Dear Spark Team, Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image : Type: VULNERABILITY Name: DSA-5169-1 CVSS Score v3: 9.8 Severity: critical The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org