[jira] [Updated] (SPARK-38262) Upgrade Google guava to version 30.0-jre
[ https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bjørn Jørgensen updated SPARK-38262: Issue Type: Dependency upgrade (was: Bug) > Upgrade Google guava to version 30.0-jre > > > Key: SPARK-38262 > URL: https://issues.apache.org/jira/browse/SPARK-38262 > Project: Spark > Issue Type: Dependency upgrade > Components: Build >Affects Versions: 3.3.0 >Reporter: Bjørn Jørgensen >Priority: Major > > This is duplicated many times like in > [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502] > Apache Spark is using com.google.guava:guava version 14.0.1 which has two > security issues. > [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] > [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] > We should upgrade to [version > 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] > I will add some links to what I have found about this issue > [HIVE-25617:fix bug introduced by > CVE-2020-8908|https://github.com/apache/hive/pull/2725] > [Upgrade Guava to 27|https://github.com/apache/druid/pull/10683] > [HIVE-21961: Upgrade Hadoop to 3.1.4, Guava to 27.0-jre and Jetty to > 9.4.20.v20190813|https://github.com/apache/hive/pull/1821] > [Shade Guava manually|https://github.com/apache/druid/issues/6942] > [[DISCUSS] Hadoop 3, dropping support for Hadoop > 2.x|https://lists.apache.org/thread/zmc389trnkh6x444so8mdb2h0x0noqq4] -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Updated] (SPARK-38262) Upgrade Google guava to version 30.0-jre
[ https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bjørn Jørgensen updated SPARK-38262: Description: This is duplicated many times like in [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502] Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] I will add some links to what I have found about this issue [HIVE-25617:fix bug introduced by CVE-2020-8908|https://github.com/apache/hive/pull/2725] [Upgrade Guava to 27|https://github.com/apache/druid/pull/10683] [HIVE-21961: Upgrade Hadoop to 3.1.4, Guava to 27.0-jre and Jetty to 9.4.20.v20190813|https://github.com/apache/hive/pull/1821] [Shade Guava manually|https://github.com/apache/druid/issues/6942] [[DISCUSS] Hadoop 3, dropping support for Hadoop 2.x|https://lists.apache.org/thread/zmc389trnkh6x444so8mdb2h0x0noqq4] was: This is duplicated many times like in [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502] Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] > Upgrade Google guava to version 30.0-jre > > > Key: SPARK-38262 > URL: https://issues.apache.org/jira/browse/SPARK-38262 > Project: Spark > Issue Type: Bug > Components: Build >Affects Versions: 3.3.0 >Reporter: Bjørn Jørgensen >Priority: Major > > This is duplicated many times like in > [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502] > Apache Spark is using com.google.guava:guava version 14.0.1 which has two > security issues. > [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] > [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] > We should upgrade to [version > 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] > I will add some links to what I have found about this issue > [HIVE-25617:fix bug introduced by > CVE-2020-8908|https://github.com/apache/hive/pull/2725] > [Upgrade Guava to 27|https://github.com/apache/druid/pull/10683] > [HIVE-21961: Upgrade Hadoop to 3.1.4, Guava to 27.0-jre and Jetty to > 9.4.20.v20190813|https://github.com/apache/hive/pull/1821] > [Shade Guava manually|https://github.com/apache/druid/issues/6942] > [[DISCUSS] Hadoop 3, dropping support for Hadoop > 2.x|https://lists.apache.org/thread/zmc389trnkh6x444so8mdb2h0x0noqq4] -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Updated] (SPARK-38262) Upgrade Google guava to version 30.0-jre
[ https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bjørn Jørgensen updated SPARK-38262: Description: This is duplicated many times like in [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502] Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] was: Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] > Upgrade Google guava to version 30.0-jre > > > Key: SPARK-38262 > URL: https://issues.apache.org/jira/browse/SPARK-38262 > Project: Spark > Issue Type: Bug > Components: Build >Affects Versions: 3.3.0 >Reporter: Bjørn Jørgensen >Priority: Major > > This is duplicated many times like in > [SPARK-32502|https://issues.apache.org/jira/browse/SPARK-32502] > Apache Spark is using com.google.guava:guava version 14.0.1 which has two > security issues. > [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] > [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] > We should upgrade to [version > 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Updated] (SPARK-38262) Upgrade Google guava to version 30.0-jre
[ https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bjørn Jørgensen updated SPARK-38262: Description: Apache Spark is using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] was: Apache Spark are using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] > Upgrade Google guava to version 30.0-jre > > > Key: SPARK-38262 > URL: https://issues.apache.org/jira/browse/SPARK-38262 > Project: Spark > Issue Type: Bug > Components: Build >Affects Versions: 3.3.0 >Reporter: Bjørn Jørgensen >Priority: Major > > Apache Spark is using com.google.guava:guava version 14.0.1 which has two > security issues. > [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] > [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] > We should upgrade to [version > 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Updated] (SPARK-38262) Upgrade Google guava to version 30.0-jre
[ https://issues.apache.org/jira/browse/SPARK-38262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bjørn Jørgensen updated SPARK-38262: Description: Apache Spark are using com.google.guava:guava version 14.0.1 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] was: Apache Spark are using com.google.guava:guava version 14.0 which has two security issues. [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] We should upgrade to [version 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] > Upgrade Google guava to version 30.0-jre > > > Key: SPARK-38262 > URL: https://issues.apache.org/jira/browse/SPARK-38262 > Project: Spark > Issue Type: Bug > Components: Build >Affects Versions: 3.3.0 >Reporter: Bjørn Jørgensen >Priority: Major > > Apache Spark are using com.google.guava:guava version 14.0.1 which has two > security issues. > [CVE-2018-10237|https://nvd.nist.gov/vuln/detail/CVE-2018-10237] > [CVE-2020-8908|https://nvd.nist.gov/vuln/detail/CVE-2020-8908] > We should upgrade to [version > 30.0|https://mvnrepository.com/artifact/com.google.guava/guava/30.0-jre] -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
