Hi Steve,
While we are building spark 2.1 version this particular JWT jar is getting
added as part of transitive dependency of Hadoop-auth-2.7.2 project. I
discussed with one of the Hadoop pmc, he will analyse the impact of this
particular issue in Hadoop . Once I will get more information I wil
might be coming in transitively
https://issues.apache.org/jira/browse/HADOOP-14799
On 13 Feb 2018, at 18:18, PJ Fanning
mailto:fannin...@yahoo.com>> wrote:
Hi Sujith,
I didn't find the nimbusds dependency in any spark 2.2 jars. Maybe I missed
something. Could you tell us which spark jar has the
Hi Sujith,
I didn't find the nimbusds dependency in any spark 2.2 jars. Maybe I missed
something. Could you tell us which spark jar has the nimbusds dependency?
--
Sent from: http://apache-spark-developers-list.1001551.n3.nabble.com/
---
Hi Folks,
I observed that in spark 2.2.x version we are using NimbusDS JOSE JWT jar
3.9 version, but i saw few vulnerability has been reported for this
particular version jar. please refer below details
https://nvd.nist.gov/vuln/detail/CVE-2017-12973,
https://www.cvedetails.com/cve/CVE-2017-12972/
