[
https://issues.apache.org/jira/browse/LIVY-902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645830#comment-17645830
]
Larry McCay commented on LIVY-902:
----------------------------------
[CVE-2022-33891|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33891]
- is also a Spark server/UI related issue and outside of the Livy scope for
these dependencies.
It seems that this is also talking about trusted proxy or impersonation
capabilities which are generally implemented only with kerberos enabled.
I'll look at that implementation in Spark separately if I have a chance.
[~irashid] - FYI ^^^
> Address Spark Dependency Upgrades
> ---------------------------------
>
> Key: LIVY-902
> URL: https://issues.apache.org/jira/browse/LIVY-902
> Project: Livy
> Issue Type: Sub-task
> Components: Core
> Affects Versions: 0.7.0
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 0.8.0
>
>
> Address the CRITICAL severities for Spark dependencies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
