[
https://issues.apache.org/jira/browse/SPARK-35054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17335814#comment-17335814
]
Dongjoon Hyun commented on SPARK-35054:
---------------------------------------
Hi, [~jainshasha] . Apache Spark doesn't provide a docker image as the official
binary distribution and the provide `Dockerfile` is just an example as a
reference model. I don't think Apache Spark distributions are needed to be
fixed due to that Dockerfile. For JDK, Apache Spark deprecated only old JDKs
prior to 8u92.
- https://spark.apache.org/docs/latest/
> Java 8 prior to version 8u92 support is deprecated as of Spark 3.0.0.
Please upgrade your runtime environments (or docker files) with the proper
versions.
> Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
> -------------------------------------------------------------------
>
> Key: SPARK-35054
> URL: https://issues.apache.org/jira/browse/SPARK-35054
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Shashank Jain
> Priority: Major
> Attachments: spark_docker.rtf
>
>
> Currently while running Trivy Scan on Spark build we are getting the
> following critical vulnerability
> CVE-2021-20231
> CVE-2021-20232
> How to fix these vulnerabilities in spark 3.0.0 branch ?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
