Holden Karau created SPARK-56533:
------------------------------------
Summary: Upgrade Hadoop version in 3.5.X branch to version without
shaded CVEs
Key: SPARK-56533
URL: https://issues.apache.org/jira/browse/SPARK-56533
Project: Spark
Issue Type: Improvement
Components: Spark Core
Affects Versions: 3.5.9
Reporter: Holden Karau
The latest 3.3 Hadoop version has some shaded dependencies which have known
CVEs. While I don't see any which are directly exploitable, let's upgrade to
3.4.X (see [https://hadoop.apache.org/docs/r3.4.0/index.html] +
[https://hadoop.apache.org/docs/r3.4.1/hadoop-project-dist/hadoop-common/AdminCompatibilityGuide.html]),
which indicates it should be compatible: "Minor: a minor release will typically
include some new functionality as well as fixes for some notable issues. A
minor release should not pose much upgrade risk in most cases. A minor release
increments the middle number of release version, e.g. going from 2.8.2 to
2.9.0."
The previous downgrade (SPARK-44678) should no longer apply (S3A fix has
long since landed in Hadoop 3.4).