Thanks for the quick reply, Sean!
Chris Nauroth
On Thu, Apr 14, 2022 at 10:15 AM Sean Owen wrote:
> It does affect 2.4.x, yes. 2.4.x was EOL a while ago, so there wouldn't be
> a new release of 2.4.x in any event. It's recommended to update instead, at
> least to 3.1.3.
>
> On Thu, Apr 14,
It does affect 2.4.x, yes. 2.4.x was EOL a while ago, so there wouldn't be
a new release of 2.4.x in any event. It's recommended to update instead, at
least to 3.1.3.
On Thu, Apr 14, 2022 at 12:07 PM Chris Nauroth wrote:
> A fix for CVE-2021-38296 was committed and released in Apache Spark
A fix for CVE-2021-38296 was committed and released in Apache Spark 3.1.3.
I'm curious, is the issue relevant to the 2.4 version line, and if so, are
there any plans for a backport?
https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd
Chris Nauroth