mridulm commented on code in PR #46515: URL: https://github.com/apache/spark/pull/46515#discussion_r1635903458
########## docs/security.md: ########## @@ -207,6 +207,15 @@ The following table describes the different options available for configuring th </td> <td>2.2.0</td> </tr> +<tr> + <td><code>spark.network.crypto.cipher</code></td> + <td>AES/CTR/NoPadding</td> + <td> + Cipher mode to use. Defaults "AES/CTR/NoPadding" for backward compatibility, which is not authenticated. + Recommended to use "AES/GCM/NoPadding", which is an authenticated encryption mode. + </td> + <td>4.0.0</td> Review Comment: That was a preview release, I am sure we will have additional new features landing and existing behavior evolving before 4.0 RC gets cut :-) Note that this specific PR will also get backported to 3.5 and 3.4 - given the security concerns it is mitigating. So would love to hear your thoughts @Ngone51 - particularly with the intent to derisk the change. If you need more context on why we need to backport this to 3.5/3.4, @sweisdb could provide you more context via email. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org
