Re: CVE-2020-13936

2022-05-05 Thread Martin Grigorov
Hi, On Thu, May 5, 2022 at 8:44 PM Sean Owen wrote: > This is a Velocity issue. Spark doesn't use it, although it looks like > Avro does. From reading the CVE, I do not believe it would impact Avro's > usage - velocity templates it may use for codegen aren't exposed that I > know of. Is there a

Re: [VOTE] Release Spark 3.3.0 (RC1)

2022-05-05 Thread Adam Binford
I looked back at the first one (SPARK-37618), it expects/assumes a 0022 umask to correctly test the behavior. I'm not sure how to get that to not fail or be ignored with a more open umask. On Thu, May 5, 2022 at 1:56 PM Sean Owen wrote: > I'm seeing test failures; is anyone seeing ones like

Re: [VOTE] Release Spark 3.3.0 (RC1)

2022-05-05 Thread Sean Owen
I'm seeing test failures; is anyone seeing ones like this? This is Java 8 / Scala 2.12 / Ubuntu 22.04: - SPARK-37618: Sub dirs are group writable when removing from shuffle service enabled *** FAILED *** [OWNER_WRITE, GROUP_READ, GROUP_WRITE, GROUP_EXECUTE, OTHERS_READ, OWNER_READ,

Re: CVE-2020-13936

2022-05-05 Thread Sean Owen
This is a Velocity issue. Spark doesn't use it, although it looks like Avro does. From reading the CVE, I do not believe it would impact Avro's usage - velocity templates it may use for codegen aren't exposed that I know of. Is there a known relationship to Spark here? That is the key question in

CVE-2020-13936

2022-05-05 Thread Pralabh Kumar
Hi Dev Team Please let me know if there is a jira to track this CVE changes with respect to Spark . Searched jira but couldn't find anything. Please help Regards Pralabh Kumar

An online kmeans algorithm for Spark

2022-05-05 Thread Manolis Gemeliaris
Hello everyone on the Dev team of Apache Spark. My name is Manolis Gemeliaris and I am a student at the Hellenic Mediterranean University (former TEI of Crete). For my thesis project I would like to add an online kmeans algorithm (paper (Edo Liberty et al) and

[VOTE] Release Spark 3.3.0 (RC1)

2022-05-05 Thread Maxim Gekk
Please vote on releasing the following candidate as Apache Spark version 3.3 .0. The vote is open until 11:59pm Pacific time May 10th and passes if a majority +1 PMC votes are cast, with a minimum of 3 +1 votes. [ ] +1 Release this package as Apache Spark 3.3.0 [ ] -1 Do not release this package