[ https://issues.apache.org/jira/browse/SPARK-43388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17724301#comment-17724301 ]
Sean R. Owen commented on SPARK-43388: -------------------------------------- Generally speaking - please also make an argument that these affect Spark when reporting. (But this one is already updated, yes) > Latest docker Spark image has critical CVE > ------------------------------------------ > > Key: SPARK-43388 > URL: https://issues.apache.org/jira/browse/SPARK-43388 > Project: Spark > Issue Type: Bug > Components: Spark Docker > Affects Versions: 3.4.0 > Reporter: mahiki jones > Priority: Major > Attachments: spark-docker.CVE-everywhere.png > > > I pulled the latest spark 3.4.0 image from dockerhub, on 2023-04-28 and found > after scanning on docker desktop that there are several critical CVE found > (see screenshot). > It seems like some changes to github actions are needed to rebuild with > updated dependencies on a regular cadence. > > Notes: > Original project issue: https://issues.apache.org/jira/browse/SPARK-40513 > [https://hub.docker.com/r/apache/spark/tags] > https://github.com/apache/spark-docker/actions > -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org