[
https://issues.apache.org/jira/browse/SPARK-13471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran resolved SPARK-13471.
------------------------------------
Resolution: Won't Fix
> Upgrade spark-project hive 1.2.1 jar to one with a groovy 2.4.4 dependency
> --------------------------------------------------------------------------
>
> Key: SPARK-13471
> URL: https://issues.apache.org/jira/browse/SPARK-13471
> Project: Spark
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 1.6.0
> Reporter: Steve Loughran
>
> The version of groovy that Hive 1.2.1 is built with contains a serialization
> vulnerability,
> While this shouldn't expose Spark to any attacks (it doesn't need the groovy
> artifacts to work), the POMs may still export that transitive groovy
> dependency.
> Fix: declare that org.spark-project.hive depends on groovy 2.4.4, rebuild and
> republish, update spark dependencies to new version
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
