[
https://issues.apache.org/jira/browse/SPARK-28004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17166162#comment-17166162
]
Łukasz Żukowski commented on SPARK-28004:
-----------------------------------------
Hi
It it possible to backport this to 2.4.x ?
This is security upgrade then I think it should be fixed in stable version.
regards
> Update jquery to 3.4.1
> ----------------------
>
> Key: SPARK-28004
> URL: https://issues.apache.org/jira/browse/SPARK-28004
> Project: Spark
> Issue Type: Improvement
> Components: Web UI
> Affects Versions: 3.0.0
> Reporter: Sean R. Owen
> Assignee: Sean R. Owen
> Priority: Major
> Fix For: 3.0.0
>
>
> We're using an old-ish jQuery, 1.12.4, and should probably update for Spark 3
> to keep up in general, but also to keep up with CVEs. In fact, we know of at
> least one resolved in only 3.4.0+
> (https://nvd.nist.gov/vuln/detail/CVE-2019-11358). They may not affect Spark,
> but, if the update isn't painful, maybe worthwhile in order to make future
> 3.x updates easier.
> jQuery 1 -> 2 doesn't sound like a breaking change, as 2.0 is supposed to
> maintain compatibility with 1.9+
> (https://blog.jquery.com/2013/04/18/jquery-2-0-released/)
> 2 -> 3 has breaking changes: https://jquery.com/upgrade-guide/3.0/. It's hard
> to evaluate each one, but the most likely area for problems is in ajax().
> However, our usage of jQuery (and plugins) is pretty simple.
> I've tried updating and testing the UI, and can't see any warnings, errors,
> or problematic functionality. This includes the Spark UI, master UI, worker
> UI, and docs (well, I wasn't able to build R docs)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
