[
https://issues.apache.org/jira/browse/LIVY-902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645826#comment-17645826
]
Larry McCay commented on LIVY-902:
----------------------------------
[CVE-2018-17190
|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17190]- appears to be
mitigated by requiring authentication on the Spark standalone resource manager.
I imagine that this is not a responsibility of Livy and instead of the Spark
server running wherever Livy is expecting it to be.
Therefore, Livy does not need any specific mitigation for this CVE but Spark in
the environment where Livy would be used is responsible.
[~dacort] - any thoughts on this?
> Address Spark Dependency Upgrades
> ---------------------------------
>
> Key: LIVY-902
> URL: https://issues.apache.org/jira/browse/LIVY-902
> Project: Livy
> Issue Type: Sub-task
> Components: Core
> Affects Versions: 0.7.0
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 0.8.0
>
>
> Address the CRITICAL severities for Spark dependencies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
