[ https://issues.apache.org/jira/browse/SPARK-54322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sujan Pabbathi updated SPARK-54322:
-----------------------------------
Summary: org.apache.ivy:ivy:2.5.1 has (was: org.apache.ivy:ivy )
> org.apache.ivy:ivy:2.5.1 has
> ------------------------------
>
> Key: SPARK-54322
> URL: https://issues.apache.org/jira/browse/SPARK-54322
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Spark Core
> Affects Versions: 3.5.7
> Reporter: Sujan Pabbathi
> Priority: Major
>
> Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751.
> Spark-core_2.12 had a library dependency
> ([org.apache.ivy:ivy|https://deps.dev/maven/org.apache.ivy%3Aivy/2.5.1]:2.5.1).
> It has an 8.2 High vulnerability,
> [Apache Ivy External Entity Reference vulnerability|https://deps.dev/advisory/osv/GHSA-2jc4-r94c-rp7h].
> It is fixed in version 2.5.2. Please upgrade Ivy to 2.5.2.