CCing Kostya for a better view, but I believe that this will not be an issue if you're not using the ACLs in Spark, yes.
On Mon, Nov 21, 2022 at 2:38 PM Andrew Pomponio <apompo...@perforce.com> wrote: > I am using Spark 2.3.0 and trying to mitigate > https://nvd.nist.gov/vuln/detail/CVE-2022-33891. The correct thing to do > is to update. However, I am told this is not happening. Thus, I am trying > to determine if the following are set: > > > spark.acls.enable false > > spark.history.ui.acls.enable false > > > These are 100% set in the config. I checked the config for weird > whitespace issues in a hex editor. Nonetheless, the config does not show up > in the UI. Thus, I took a heap dump. If I read the heap dump in text mode I > can see this: > > > > V is abstract � ��spark.acls.enable1 � 0invalid end of optional part at > position > > > > I am not able to find this in VisualVM or MAT to determine what that is > set to. Any thoughts? > > > > > > *Andrew Pomponio | Associate Enterprise Architect, OpenLogic > <https://www.openlogic.com/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link>* > > Perforce Software > <http://www.perforce.com/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > > P: +1 612.517.2100 > > Visit us on: LinkedIn > <https://www.linkedin.com/company/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > | Twitter > <https://twitter.com/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > | Facebook > <https://www.facebook.com/perforce/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > | YouTube > <https://www.youtube.com/user/perforcesoftware?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link> > > > > *Use our new Community portal to submit/track support cases! > <https://www.perforce.com/support/community-portal-faq?utm_source=sales-signature&utm_medium=email&utm_campaign=community-portal-faq&utm_content=resource?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2021-common&utm_content=email-signature-link>* > > > > This e-mail may contain information that is privileged or confidential. If > you are not the intended recipient, please delete the e-mail and any > attachments and notify us immediately. > >
