[ https://issues.apache.org/jira/browse/SPARK-40126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Tan updated SPARK-40126: ------------------------------ Description: Dear Spark Team, Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image : Type: VULNERABILITY Name: DSA-5169-1 CVSS Score v3: 9.8 Severity: critical The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3 Steps to reproduce: Install trivy [https://aquasecurity.github.io/trivy/v0.18.3/installation/] trivy image docker.io/apache/spark:v3.3.0 was: Dear Spark Team, Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image : Type: VULNERABILITY Name: DSA-5169-1 CVSS Score v3: 9.8 Severity: critical The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3 > Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical > vulnerability > ---------------------------------------------------------------------------------------- > > Key: SPARK-40126 > URL: https://issues.apache.org/jira/browse/SPARK-40126 > Project: Spark > Issue Type: Dependency upgrade > Components: Build > Affects Versions: 3.3.0 > Reporter: Jason Tan > Priority: Major > > Dear Spark Team, > Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I > discovered the following vulnerability/scan results within the image : > Type: VULNERABILITY > Name: DSA-5169-1 > CVSS Score v3: 9.8 > Severity: critical > The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to > upgrade the version of openssl to 1.1.1n-0+deb11u3 > Steps to reproduce: > Install trivy [https://aquasecurity.github.io/trivy/v0.18.3/installation/] > trivy image docker.io/apache/spark:v3.3.0 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org