Re: CVE-2020-28458, How to upgrade datatables dependency

Thx for the update. (I was about to create the PR.) Thx for looking into it.

On Sun, 17 Apr 2022, 00:26 Sean Owen wrote:

> FWIW here's an update to 1.10.25:
> https://github.com/apache/spark/pull/36226
>
> On Wed, Apr 13, 2022 at 8:28 AM Sean Owen wrote:
>
>> You can see the files in
>> core/src/main/resources/org/apache/spark/ui/static - you can try dropping
>> in the new minified versions and see if the UI is OK.
>> You can open a pull request if it works to update it, in case this
>> affects Spark.
>> It looks like the smaller upgrade to 1.10.22 is also sufficient.
>>
>> On Wed, Apr 13, 2022 at 7:43 AM Pralabh Kumar wrote:
>>
>>> Hi Dev Team
>>>
>>> Spark 3.2 (and 3.3 might also) have CVE 2020-28458. Therefore in my
>>> local repo of Spark I would like to update DataTables to 1.11.5.
>>>
>>> Can you please help me to point out where I should upgrade DataTables
>>> dependency?
>>>
>>> Regards
>>> Pralabh Kumar

Re: CVE-2020-28458, How to upgrade datatables dependency

FWIW here's an update to 1.10.25:
https://github.com/apache/spark/pull/36226

On Wed, Apr 13, 2022 at 8:28 AM Sean Owen wrote:

> You can see the files in
> core/src/main/resources/org/apache/spark/ui/static - you can try dropping
> in the new minified versions and see if the UI is OK.
> You can open a pull request if it works to update it, in case this affects
> Spark.
> It looks like the smaller upgrade to 1.10.22 is also sufficient.
>
> On Wed, Apr 13, 2022 at 7:43 AM Pralabh Kumar wrote:
>
>> Hi Dev Team
>>
>> Spark 3.2 (and 3.3 might also) have CVE 2020-28458. Therefore in my
>> local repo of Spark I would like to update DataTables to 1.11.5.
>>
>> Can you please help me to point out where I should upgrade DataTables
>> dependency?
>>
>> Regards
>> Pralabh Kumar

Re: CVE-2020-28458, How to upgrade datatables dependency

You can see the files in
core/src/main/resources/org/apache/spark/ui/static - you can try dropping
in the new minified versions and see if the UI is OK.
You can open a pull request if it works to update it, in case this affects
Spark.
It looks like the smaller upgrade to 1.10.22 is also sufficient.

On Wed, Apr 13, 2022 at 7:43 AM Pralabh Kumar wrote:

> Hi Dev Team
>
> Spark 3.2 (and 3.3 might also) have CVE 2020-28458. Therefore in my
> local repo of Spark I would like to update DataTables to 1.11.5.
>
> Can you please help me to point out where I should upgrade DataTables
> dependency?
>
> Regards
> Pralabh Kumar
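
Added example, not from the thread or the Spark project: a shell check that reports the DataTables version of each vendored copy in a static-resources directory against 1.10.22, the version the thread calls sufficient. The function names, the `jquery.dataTables*.js` file pattern and the `DataTables x.y.z` banner format are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Minimum version the thread names as sufficient for CVE-2020-28458.
MIN_FIXED="1.10.22"

# Succeed if dotted version $1 >= $2, comparing numerically field by field.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the version from the banner ("DataTables 1.10.20"); fall back to the file name.
# ASSUMPTION: the vendored file still carries its upstream banner or a versioned name.
datatables_version() {
    v=$(grep -Eo 'DataTables [0-9]+(\.[0-9]+)+' "$1" | head -n 1 | cut -d' ' -f2) || true
    [ -n "$v" ] || v=$(basename "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1) || true
    printf '%s\n' "$v"
}

# Print OK/VULNERABLE/UNKNOWN per core file in directory $1; return 1 unless all are OK.
audit_datatables() {
    rc=0
    for f in "$1"/jquery.dataTables*.js; do
        [ -e "$f" ] || continue
        v=$(datatables_version "$f")
        if [ -z "$v" ]; then echo "UNKNOWN $f"; rc=1
        elif version_ge "$v" "$MIN_FIXED"; then echo "OK $v $f"
        else echo "VULNERABLE $v (< $MIN_FIXED) $f"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree standing in for a checkout's static-resources directory.
make_sample() {
    d=$(mktemp -d)
    printf '/*! DataTables 1.10.20 (constructed banner) */\n' > "$d/jquery.dataTables.old.min.js"
    printf '/*! DataTables 1.10.25 (constructed banner) */\n' > "$d/jquery.dataTables.new.min.js"
    printf 'var stripped=1;\n' > "$d/jquery.dataTables.1.10.22.min.js"
    echo "$d"
}

# Usage: pass the static directory, or no argument to run on the constructed sample.
audit_datatables "${1:-$(make_sample)}" || echo "upgrade needed"
```

The field-by-field numeric comparison matters here: a plain string compare would rank 1.9.x above 1.10.x.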