Hi Kamal,

Please check the Apache Spark security advisory; all critical issues are mentioned here:
https://spark.apache.org/security.html

Regards,
Vaquar khan

On Mon, Nov 18, 2024, 9:37 AM Arnout Engelen <enge...@apache.org> wrote:

> Hello Kamal et al,
>
> Thank you for your message! In the future, please don't use
> secur...@spark.apache.org for reports such as this one: if there is an
> advisory for a dependency, more often than not, the dependency is not used
> in a way that is impacted by the advisory. As such we don't consider
> reports such as the one you attached as sensitive. You can read more about
> this at https://security.apache.org/report-dependency/ .
>
> I see you also sent your message to the public dev@spark.apache.org
> mailing list. Indeed discussing how to deal with dependency updates would be
> on-topic for that list. That said, we do expect a collaborative attitude:
> as a leading bank, if these issues are important to you, it would be great
> if you can allocate some engineering time to participate productively in
> this project. Unfortunately it seems like your email didn't arrive on the
> dev@spark.apache.org list. I suspect it may have been rejected because of
> the attachment.
>
> Kind regards,
>
> Arnout Engelen
>
> On Mon, Nov 11, 2024 at 10:47 AM Kamal R (Consumer Bank, KMBL) via
> security <secur...@apache.org> wrote:
>
>> Hi Apache Team,
>>
>> If you could please respond to our query or point us to the right point of
>> contact, that will be quite helpful.
>>
>> Regards,
>>
>> Kamal
>>
>> *From: *Sidhartha Topcharla (Consumer Bank, KMBL) <
>> sidhartha.topcha...@kotak.com>
>> *Date: *Friday, 8 November 2024 at 11:22 AM
>> *To: *secur...@spark.apache.org <secur...@spark.apache.org>, Jayraj
>> Chopda (Corporate, KMBL) <jayraj.cho...@kotak.com>
>> *Cc: *dev@spark.apache.org <dev@spark.apache.org>, Kamal R (Consumer
>> Bank, KMBL) <kamal.rat...@kotak.com>
>> *Subject: *Re: Vulnerabilities found on pyspark
>>
>> @Jayraj Chopda (Corporate, KMBL) <jayraj.cho...@kotak.com>
>>
>> *From: *Sidhartha Topcharla (Consumer Bank, KMBL) <
>> sidhartha.topcha...@kotak.com>
>> *Date: *Wednesday, 6 November 2024 at 1:04 PM
>> *To: *secur...@spark.apache.org <secur...@spark.apache.org>
>> *Cc: *dev@spark.apache.org <dev@spark.apache.org>, Kamal R (Consumer
>> Bank, KMBL) <kamal.rat...@kotak.com>
>> *Subject: *Vulnerabilities found on pyspark
>>
>> Hello Folks,
>>
>> I am Sidhartha Topcharla, working with Kotak Mahindra Bank. We are a
>> leading private bank in India, with a customer base of around 300M.
>>
>> We are using pyspark: "^3.5.2" on our production environment. Our
>> vulnerability scanner has identified the below issues within spark jars. Being
>> a highly regulated entity, handling these issues is very critical for us.
>>
>> It would be great if you can let us know if these issues are already
>> identified and fixed.
>>
>> Looking forward to your reply.
>>
>> Thanks and Regards,
>>
>> Sidhartha T
>
> --
> Arnout Engelen
> ASF Security Response
> Apache Pekko PMC member, ASF Member
> NixOS Committer
> Independent Open Source consultant