This is an automated email from the ASF dual-hosted git repository.

ruifengz pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/spark-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 88505a7580 [SPARK-54784] Document the security policy on ml models (#676)
88505a7580 is described below

commit 88505a7580278e0455700bc0c6db57a747430b44
Author: Ruifeng Zheng <[email protected]>
AuthorDate: Fri Feb 13 08:51:17 2026 +0800

    [SPARK-54784] Document the security policy on ml models (#676)
    
    * try
    
    * try
    
    * try
    
    * Apply suggestions from code review
    
    Co-authored-by: Celeste Horgan <[email protected]>
    
    * html
    
    ---------
    
    Co-authored-by: Celeste Horgan <[email protected]>
---
 security.md        | 14 ++++++++++++++
 site/security.html | 14 ++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/security.md b/security.md
index 2a3b6ee7cf..38ee3a6179 100644
--- a/security.md
+++ b/security.md
@@ -43,6 +43,20 @@ internet or untrusted networks. We recommend access within 
trusted networks (com
 private cloud environments), using restrict access to the Spark cluster with 
robust authentication, 
 authorization, and network controls.
 
+<h3>Is loading a machine learning model secure? Who is responsible for model 
security?</h3> 
+
+Loading an Apache Spark ML model is equivalent to loading and executing code 
within the Spark runtime.
+
+Spark ML models might contain serialized objects, custom transformers, 
user-defined expressions, and execution graphs. 
+During model loading, Spark deserializes these components, reconstructs the 
pipeline, and instantiates runtime objects. 
+This process can invoke executable logic on the Spark driver and executors. 
+Any model, but particularly that is compromised or intentionally created with 
malicious intent, 
+might execute arbitrary code, access sensitive data, or compromise cluster 
nodes.
+
+End users must treat Spark ML models with the same level of caution and 
security scrutiny as any third-party software. 
+This includes verifying the source, validating integrity, and applying 
appropriate isolation and security controls 
+before loading or deploying a model.
+
 <h2>Known security issues</h2>
 
 <h3 id="CVE-2023-32007">CVE-2023-32007: Apache Spark shell command injection 
vulnerability via Spark UI</h3>
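Review bot: the third added paragraph drops its noun in "Any model, but particularly that is compromised or intentionally created with malicious intent," and should read "Any model, but particularly one that is compromised or intentionally created with malicious intent, might execute arbitrary code, access sensitive data, or compromise cluster nodes." Two smaller points on the same hunk: the new heading line has a trailing space after `</h3>`, and unlike the `<h3 id="CVE-2023-32007">` heading just below it carries no `id`, so the new section cannot be deep-linked from advisories or release notes (an `id` such as `ml-model-security` would be consistent with the page's other anchors). The heading also asks "Who is responsible for model security?" but the body only implies the answer; one direct sentence stating that the party loading or deploying the model is responsible for vetting it would match the question to the text.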
diff --git a/site/security.html b/site/security.html
index 649f20cfb7..6eecaeb28d 100644
--- a/site/security.html
+++ b/site/security.html
@@ -189,6 +189,20 @@ internet or untrusted networks. We recommend access within 
trusted networks (com
 private cloud environments), using restrict access to the Spark cluster with 
robust authentication, 
 authorization, and network controls.</p>
 
+<h3>Is loading a machine learning model secure? Who is responsible for model 
security?</h3>
+
+<p>Loading an Apache Spark ML model is equivalent to loading and executing 
code within the Spark runtime.</p>
+
+<p>Spark ML models might contain serialized objects, custom transformers, 
user-defined expressions, and execution graphs. 
+During model loading, Spark deserializes these components, reconstructs the 
pipeline, and instantiates runtime objects. 
+This process can invoke executable logic on the Spark driver and executors. 
+Any model, but particularly that is compromised or intentionally created with 
malicious intent, 
+might execute arbitrary code, access sensitive data, or compromise cluster 
nodes.</p>
+
+<p>End users must treat Spark ML models with the same level of caution and 
security scrutiny as any third-party software. 
+This includes verifying the source, validating integrity, and applying 
appropriate isolation and security controls 
+before loading or deploying a model.</p>
+
 <h2>Known security issues</h2>
 
 <h3 id="CVE-2023-32007">CVE-2023-32007: Apache Spark shell command injection 
vulnerability via Spark UI</h3>
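Review bot: the same missing noun ("Any model, but particularly that is compromised...") is carried into the third added `<p>` here, so the rendered page will show the ungrammatical sentence as well. Since site/security.html appears to be the rendered copy of security.md (same hunk, same text, same position before "Known security issues"), the fix belongs in the markdown with the HTML regenerated from it rather than edited by hand; the two copies have already drifted slightly in that the `.md` heading has a trailing space the HTML does not. As in the markdown, the new `<h3>` lacks the `id` attribute that the CVE headings on this page use.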


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
