[
https://issues.apache.org/jira/browse/SPARK-28004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongjoon Hyun resolved SPARK-28004.
-----------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0
Issue resolved by pull request 24843
[https://github.com/apache/spark/pull/24843]
> Update jquery to 3.4.1
> ----------------------
>
> Key: SPARK-28004
> URL: https://issues.apache.org/jira/browse/SPARK-28004
> Project: Spark
> Issue Type: Improvement
> Components: Web UI
> Affects Versions: 3.0.0
> Reporter: Sean Owen
> Assignee: Sean Owen
> Priority: Major
> Fix For: 3.0.0
>
>
> We're using an old-ish jQuery, 1.12.4, and should probably update for Spark 3
> to keep up in general, but also to keep up with CVEs. In fact, we know of at
> least one resolved in only 3.4.0+
> (https://nvd.nist.gov/vuln/detail/CVE-2019-11358). They may not affect Spark,
> but, if the update isn't painful, maybe worthwhile in order to make future
> 3.x updates easier.
> jQuery 1 -> 2 doesn't sound like a breaking change, as 2.0 is supposed to
> maintain compatibility with 1.9+
> (https://blog.jquery.com/2013/04/18/jquery-2-0-released/)
> 2 -> 3 has breaking changes: https://jquery.com/upgrade-guide/3.0/. It's hard
> to evaluate each one, but the most likely area for problems is in ajax().
> However, our usage of jQuery (and plugins) is pretty simple.
> I've tried updating and testing the UI, and can't see any warnings, errors,
> or problematic functionality. This includes the Spark UI, master UI, worker
> UI, and docs (well, I wasn't able to build R docs)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
