[
https://issues.apache.org/jira/browse/SPARK-53745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18041133#comment-18041133
]
Vitaliy Osipov commented on SPARK-53745:
----------------------------------------
User 'eschcam' has created a pull request for this issue:
https://github.com/apache/spark/pull/51774
> Update Python mlflow to 3.1.0
> -----------------------------
>
> Key: SPARK-53745
> URL: https://issues.apache.org/jira/browse/SPARK-53745
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Tests
> Affects Versions: 4.1.0
> Reporter: Cameron
> Priority: Major
>
> Mlflow 2.3.1 contains the following vulnerabilities:
> * CVE-2023-6909 : 8.7 Severity
> * CVE-2023-6831 : 10.0 Severity
> * CVE-2023-6568 : 6.5 Severity
> * CVE-2023-4033 : 8.8 Severity
> * CVE-2023-6709 : 8.8 Severity
> * CVE-2023-3765 : 10.0 Severity
> * CVE-2023-6753 : 8.8 Severity
> * CVE-2024-27134 : 7.3 Severity
> * CVE-2024-0520 : 10.0 Severity
> * CVE-2024-27132 : 9.6 Severity
> * CVE-2024-27133 : 9.6 Severity
> * CVE-2024-2928 : 7.5 Severity
> * CVE-2024-3573 : 9.3 Severity
> * CVE-2024-3848 : 7.5 Severity
> * CVE-2025-1474 : 5.5 Severity
> * CVE-2025-52967 : 5.8 Severity
> * CVE-2023-6014 : 9.1 Severity
> * CVE-2024-8859 : 7.5 Severity
> * CVE-2023-6974 : 9.8 Severity
> * CVE-2023-6018 : 10.0 Severity
> * CVE-2024-3099 : 5.4 Severity
> * CVE-2023-6015 : 10.0 Severity
> * CVE-2024-1483 : 7.5 Severity
> * CVE-2023-6975 : 9.8 Severity
> * CVE-2023-6940 : 8.8 Severity
> * CVE-2024-1558 : 7.5 Severity
> * CVE-2024-4263 : 5.4 Severity
> * CVE-2023-6977 : 7.5 Severity
> * CVE-2023-43472 : 7.5 Severity
> * CVE-2023-6976 : 8.8 Severity
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
