[ https://issues.apache.org/jira/browse/SPARK-13471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steve Loughran resolved SPARK-13471. ------------------------------------ Resolution: Won't Fix > Upgrade spark-project hive 1.2.1 jar to one with a groovy 2.4.4 dependency > -------------------------------------------------------------------------- > > Key: SPARK-13471 > URL: https://issues.apache.org/jira/browse/SPARK-13471 > Project: Spark > Issue Type: Improvement > Components: SQL > Affects Versions: 1.6.0 > Reporter: Steve Loughran > > The version of groovy that Hive 1.2.1 is built with contains a serialization > vulnerability, > While this shouldn't expose Spark to any attacks (it doesn't need the groovy > artifacts to work), the POMs may still export that transitive groovy > dependency. > Fix: declare that org.spark-project.hive depends on groovy 2.4.4, rebuild and > republish, update spark dependencies to new version -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org