A fix for CVE-2021-38296 was committed and released in Apache Spark 3.1.3. I'm curious, is the issue relevant to the 2.4 version line, and if so, are there any plans for a backport?
https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd Chris Nauroth