Dear Spark teams,

Hope you are doing well. I am writing this email about a vulnerability issue: CVE-2018-14721. jackson-mapper-asl:1.9.13 is an older version of jackson-databind, which is used in the mentioned images.
We are trying to bring Spark 3.4.2 and 3.5.1 into our firm, but due to the vulnerability issue, we can't. Could you help us confirm whether this problem will affect the above versions of the Spark Docker image and PySpark lib? We need a release note / security bulletin to confirm this.

Thank you for your assistance.

Regards,
Will Qin