[
https://issues.apache.org/jira/browse/SPARK-40037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bjørn Jørgensen updated SPARK-40037:
------------------------------------
Description:
[https://www.cve.org/CVERecord?id=CVE-2022-25647 | ]
[CVE-2022-25647|https://www.cve.org/CVERecord?id=CVE-2022-25647]
[https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327|Info at SNYK]
[https://www.cve.org/CVERecord?id=CVE-2021-22569|CVE-2021-22569]
[https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703|Info at SNYK]
[https://github.com/google/tink/releases/tag/v1.7.0|releases log]
was:
[https://www.cve.org/CVERecord?id=CVE-2022-25647 | CVE-2022-25647]
[https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327|Info at SNYK]
[https://www.cve.org/CVERecord?id=CVE-2021-22569|CVE-2021-22569]
[https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703|Info at SNYK]
[https://github.com/google/tink/releases/tag/v1.7.0|releases log]
> Upgrade com.google.crypto.tink:tink from 1.6.1 to 1.7.0
> -------------------------------------------------------
>
> Key: SPARK-40037
> URL: https://issues.apache.org/jira/browse/SPARK-40037
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Build
> Affects Versions: 3.4.0
> Reporter: Bjørn Jørgensen
> Priority: Major
>
> [https://www.cve.org/CVERecord?id=CVE-2022-25647 | ]
> [CVE-2022-25647|https://www.cve.org/CVERecord?id=CVE-2022-25647]
> [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327|Info at
> SNYK]
> [https://www.cve.org/CVERecord?id=CVE-2021-22569|CVE-2021-22569]
> [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703|Info at
> SNYK]
> [https://github.com/google/tink/releases/tag/v1.7.0|releases log]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
