Re: Apache spark 3.0.3 [Spark lower version enhancements]

[Rajesh Krishnamurthy]

Hi Sean,

  I am looking for fixing the vulnerabilities such as these in the 3.0.X branch.

1)
CVE-2019-17531
2)CVE-2020-9480
3)CVE-2019-0204


Rajesh Krishnamurthy | Enterprise Architect
T: +1 510-833-7189 | M: +1 925-917-9208
http://www.perforce.com
Visit us on: 
Twitter<https://nam12.safelinks.protection.outlook.com/?url=https://twitter.com/perforce&data=04%7c01%7crkrishnamur...@perforce.com%7C67639f41e2f0452b409608d96814840a%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637655259607389020%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=66YlLKPkoZeh1CyMFzjEG8eFva8EmsPSvRqUFtEf960=&reserved=0>
 | 
LinkedIn<https://nam12.safelinks.protection.outlook.com/?url=https://www.linkedin.com/company/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link&data=04%7c01%7crkrishnamur...@perforce.com%7C785c930f82dc42cdee2b08d98e9b8d5d%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637697621028603583%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=03F8rlgn5xcYUU3pEkCe85X+Bs4q/WfHlXCne+MshaI=&reserved=0>
 | 
Facebook<https://nam12.safelinks.protection.outlook.com/?url=https://www.facebook.com/perforce/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link&data=04%7c01%7crkrishnamur...@perforce.com%7C785c930f82dc42cdee2b08d98e9b8d5d%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637697621028603583%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=Jlq031LQ06isyWhiwRQSrTiJnjEZzUc38nULB2yIt5w=&reserved=0>

On Feb 14, 2022, at 1:52 PM, Sean Owen 
mailto:sro...@gmail.com>> wrote:

What vulnerabilities are you referring to? I'm not aware of any critical 
outstanding issues, but not sure what you have in mind either.
See 
https://spark.apache.org/versioning-policy.html<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspark.apache.org%2Fversioning-policy.html&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=hFpqIT9rnZhmvSIgWQkqx5SsppiZ61CYgJzfKyYzGy4%3D&reserved=0>
 - 3.0.x is EOL about now, which doesn't mean there can't be another release, 
but would not generally expect one.

On Mon, Feb 14, 2022 at 3:48 PM Rajesh Krishnamurthy 
mailto:rkrishnamur...@perforce.com>> wrote:
Hi Sean,

   Thanks for the response. Does the community have any plans of fixing any 
vulnerabilities that have been identified in the 3.0.3 version? Do you have any 
fixed date that 3.0.x is going to be EOL?



Rajesh Krishnamurthy | Enterprise Architect
T: +1 510-833-7189 | M: +1 925-917-9208
http://www.perforce.com<http://www.perforce.com/>
Visit us on: 
Twitter<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fperforce&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=JfbqWgdPMLqKTi4R30jFCejBtjbNj%2B%2F4paZz87SRxNI%3D&reserved=0>
 | 
LinkedIn<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fperforce%3Futm_leadsource%3Demail-signature&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=nknKNJ6Zn%2Bh2WkC2IJ3nS2fkjKBJRMBqX3Sn7XeU%2FJg%3D&reserved=0>
 | 
Facebook<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fperforce%2F%3Futm_leadsource%3Demail-signature&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=kkWBd7OMHaH6zpo2p6D2TFtj%2FjzrUMmHvthrWgKrvXg%3D&reserved=0>

On Feb 11, 2022, at 3:09 PM, Sean Owen 
mailto:sro...@gmail.com>> wrote:

3.0.x is about EOL now, and I hadn't heard anyone come forward to push a final 
maintenance release. Is there a specific issue you're concerned about?

On Fri, Feb 11, 2022 at 4:24 PM Rajesh Krishnamurthy 
mailto:rkrishnamur...@perforce.com>> wrote:
Hi there,

  We are just wondering if there are any agenda by the Spark community to 
actively engage development activities on the 3.0.x

Apache spark 3.0.3 [Spark lower version enhancements]

[Rajesh Krishnamurthy]

Hi there,

  We are just wondering if there are any agenda by the Spark community to 
actively engage development activities on the 3.0.x path. I know we have the 
latest version of Spark with 3.2.x, but we are just wondering if any 
development plans to have the vulnerabilities fixed on the 3.0.x path that were 
identified on the 3.0.3 version, so that we don’t need to migrate to next major 
version(3.1.x in this case), but at the same time all the vulnerabilities fixed 
within the minor version upgrade(eg:3.0.x)


Rajesh Krishnamurthy | Enterprise Architect
T: +1 510-833-7189 | M: +1 925-917-9208
http://www.perforce.com
Visit us on: 
Twitter<https://nam12.safelinks.protection.outlook.com/?url=https://twitter.com/perforce&data=04%7c01%7crkrishnamur...@perforce.com%7C67639f41e2f0452b409608d96814840a%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637655259607389020%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=66YlLKPkoZeh1CyMFzjEG8eFva8EmsPSvRqUFtEf960=&reserved=0>
 | 
LinkedIn<https://nam12.safelinks.protection.outlook.com/?url=https://www.linkedin.com/company/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link&data=04%7c01%7crkrishnamur...@perforce.com%7C785c930f82dc42cdee2b08d98e9b8d5d%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637697621028603583%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=03F8rlgn5xcYUU3pEkCe85X+Bs4q/WfHlXCne+MshaI=&reserved=0>
 | 
Facebook<https://nam12.safelinks.protection.outlook.com/?url=https://www.facebook.com/perforce/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link&data=04%7c01%7crkrishnamur...@perforce.com%7C785c930f82dc42cdee2b08d98e9b8d5d%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637697621028603583%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=Jlq031LQ06isyWhiwRQSrTiJnjEZzUc38nULB2yIt5w=&reserved=0>



This e-mail may contain information that is privileged or confidential. If you 
are not the intended recipient, please delete the e-mail and any attachments 
and notify us immediately.