[
https://issues.apache.org/jira/browse/SPARK-35054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17332822#comment-17332822
]
Hyukjin Kwon commented on SPARK-35054:
--------------------------------------
[~jainshasha], so which Open JDK versions are affected? If it's in open JDK, it
should be fixed in JDK or we use a different version in JDK 11. Spark itself
can't fix the issue.
It would be greatly helpful to elaborate why and how these CVEs affect Spark.
So how does the docker file relate to the CVEs?
cc [~dongjoon] and [~holden] FYI.
> Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
> -------------------------------------------------------------------
>
> Key: SPARK-35054
> URL: https://issues.apache.org/jira/browse/SPARK-35054
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Shashank Jain
> Priority: Major
> Attachments: spark_docker.rtf
>
>
> Currently while running Trivy Scan on Spark build we are getting the
> following critical vulnerability
> CVE-2021-20231
> CVE-2021-20232
> How to fix these vulnerabilities in spark 3.0.0 branch ?