Hi Folks,
I observed that in spark 2.2.x version we are using NimbusDS JOSE JWT jar
3.9 version, but i saw few vulnerability has been reported for this
particular version jar. please refer below details

As per details this vulnerability is been detected prior to 4.39 jars, we
are planning to upgrade  this jar.
Just wanted to know that is their any reason why this jar has not been
upgraded in community release as this consists of vulnerabilities.

Appreciate your suggestions.


Sent from: http://apache-spark-developers-list.1001551.n3.nabble.com/

To unsubscribe e-mail: dev-unsubscr...@spark.apache.org

Reply via email to