[
https://issues.apache.org/jira/browse/LIVY-902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645834#comment-17645834
]
Larry McCay commented on LIVY-902:
----------------------------------
*[CVE-2018-11804|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11804],*
*[CVE-2021-38296|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38296],*
*[CVE-2022-31777|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31777],*
{*}[CVE-2018-11770|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11770]{*}{*}{*}{*}{*}{*}{*}
All of the above seem to be Spark server related issues and not related to Livy
directly.
*[CVE-2018-11770|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11770]*
- is related to the REST server in the standalone master for submitting jobs -
even if Livy is using this API, it is reasonable to expect this to be the
responsibility of the Spark master rather than the Livy side.
> Address Spark Dependency Upgrades
> ---------------------------------
>
> Key: LIVY-902
> URL: https://issues.apache.org/jira/browse/LIVY-902
> Project: Livy
> Issue Type: Sub-task
> Components: Core
> Affects Versions: 0.7.0
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 0.8.0
>
>
> Address the CRITICAL severities for Spark dependencies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
