[jira] [Commented] (SPARK-40422) Upgrade hive to 4.0.0
[ https://issues.apache.org/jira/browse/SPARK-40422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620774#comment-17620774 ]

Bilna commented on SPARK-40422:
-------------------------------

[~srowen] In the mvn dependency tree I can see google-gson is coming through Apache Hive. That is the reason I have requested to upgrade the Hive version. Can you please tell me which JIRA fixed the GSON version?

> Upgrade hive to 4.0.0
> ---------------------
>
>              Key: SPARK-40422
>              URL: https://issues.apache.org/jira/browse/SPARK-40422
>          Project: Spark
>       Issue Type: Dependency upgrade
>       Components: SQL
> Affects Versions: 3.3.0
>         Reporter: Bilna
>         Priority: Major
>
> Upgrade hive to 4.0.0 to avoid security vulnerability CVE-2022-25647 through
> google-gson:2.2.4. In hive:4.0.0, the google-gson is upgraded to 2.8.9 for
> which CVE is not reported yet.

--
This message was sent by Atlassian Jira (v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Commented] (SPARK-40457) upgrade jackson data mapper to latest
[ https://issues.apache.org/jira/browse/SPARK-40457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620766#comment-17620766 ]

Bilna commented on SPARK-40457:
-------------------------------

[~hyukjin.kwon] Understood. So I think I can mark this as a false positive. Thanks for the link.

> upgrade jackson data mapper to latest
> -------------------------------------
>
>              Key: SPARK-40457
>              URL: https://issues.apache.org/jira/browse/SPARK-40457
>          Project: Spark
>       Issue Type: Improvement
>       Components: SQL
> Affects Versions: 3.3.0
>         Reporter: Bilna
>         Priority: Major
>
> Upgrade jackson-mapper-asl to the latest to resolve CVE-2019-10172

[jira] [Commented] (SPARK-40758) Upgrade Apache zookeeper to get rid of CVE-2020-10663
[ https://issues.apache.org/jira/browse/SPARK-40758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620765#comment-17620765 ]

Bilna commented on SPARK-40758:
-------------------------------

https://issues.apache.org/jira/browse/ZOOKEEPER-3933

This link says the reported CVE is a false positive. So I think we can close this.

> Upgrade Apache zookeeper to get rid of CVE-2020-10663
> -----------------------------------------------------
>
>              Key: SPARK-40758
>              URL: https://issues.apache.org/jira/browse/SPARK-40758
>          Project: Spark
>       Issue Type: Improvement
>       Components: Spark Core
> Affects Versions: 3.3.0
>         Reporter: Bilna
>         Priority: Major
>
> In order to resolve security vulnerability CVE-2020-10663, upgrade Apache
> zookeeper to 3.8.0

[jira] [Commented] (SPARK-40457) upgrade jackson data mapper to latest
[ https://issues.apache.org/jira/browse/SPARK-40457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616249#comment-17616249 ]

Bilna commented on SPARK-40457:
-------------------------------

Are we going to remove this dependency from Spark's pom file in Spark 3.4?

> upgrade jackson data mapper to latest
> -------------------------------------
>
>              Key: SPARK-40457
>              URL: https://issues.apache.org/jira/browse/SPARK-40457
>          Project: Spark
>       Issue Type: Improvement
>       Components: SQL
> Affects Versions: 3.3.0
>         Reporter: Bilna
>         Priority: Major
>
> Upgrade jackson-mapper-asl to the latest to resolve CVE-2019-10172

[jira] [Commented] (SPARK-40457) upgrade jackson data mapper to latest
[ https://issues.apache.org/jira/browse/SPARK-40457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17615907#comment-17615907 ]

Bilna commented on SPARK-40457:
-------------------------------

This link: https://github.com/bjornjorgensen/spark/security/dependabot/1 is giving a 404.

> upgrade jackson data mapper to latest
> -------------------------------------
>
>              Key: SPARK-40457
>              URL: https://issues.apache.org/jira/browse/SPARK-40457
>          Project: Spark
>       Issue Type: Improvement
>       Components: SQL
> Affects Versions: 3.3.0
>         Reporter: Bilna
>         Priority: Major
>
> Upgrade jackson-mapper-asl to the latest to resolve CVE-2019-10172

[jira] [Created] (SPARK-40758) Upgrade Apache zookeeper to get rid of CVE-2020-10663
Bilna created SPARK-40758:
--------------------------

         Summary: Upgrade Apache zookeeper to get rid of CVE-2020-10663
             Key: SPARK-40758
             URL: https://issues.apache.org/jira/browse/SPARK-40758
         Project: Spark
      Issue Type: Improvement
      Components: Spark Core
Affects Versions: 3.3.0
        Reporter: Bilna

In order to resolve security vulnerability CVE-2020-10663, upgrade Apache zookeeper to 3.8.0

[jira] [Commented] (SPARK-40457) upgrade jackson data mapper to latest
[ https://issues.apache.org/jira/browse/SPARK-40457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17607082#comment-17607082 ]

Bilna commented on SPARK-40457:
-------------------------------

[~hyukjin.kwon] it is org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13

> upgrade jackson data mapper to latest
> -------------------------------------
>
>              Key: SPARK-40457
>              URL: https://issues.apache.org/jira/browse/SPARK-40457
>          Project: Spark
>       Issue Type: Improvement
>       Components: SQL
> Affects Versions: 3.3.0
>         Reporter: Bilna
>         Priority: Major
>
> Upgrade jackson-mapper-asl to the latest to resolve CVE-2019-10172

[jira] [Created] (SPARK-40457) upgrade jackson data mapper to latest
Bilna created SPARK-40457:
--------------------------

         Summary: upgrade jackson data mapper to latest
             Key: SPARK-40457
             URL: https://issues.apache.org/jira/browse/SPARK-40457
         Project: Spark
      Issue Type: Improvement
      Components: SQL
Affects Versions: 3.3.0
        Reporter: Bilna

Upgrade jackson-mapper-asl to the latest to resolve CVE-2019-10172

[jira] [Created] (SPARK-40422) Upgrade hive to 4.0.0
Bilna created SPARK-40422:
--------------------------

         Summary: Upgrade hive to 4.0.0
             Key: SPARK-40422
             URL: https://issues.apache.org/jira/browse/SPARK-40422
         Project: Spark
      Issue Type: Dependency upgrade
      Components: SQL
Affects Versions: 3.3.0
        Reporter: Bilna

Upgrade hive to 4.0.0 to avoid security vulnerability CVE-2022-25647 through google-gson:2.2.4. In hive:4.0.0, the google-gson is upgraded to 2.8.9 for which CVE is not reported yet.