[jira] [Created] (SPARK-43388) Latest docker Spark image has critical CVE

mahiki jones (Jira) Fri, 05 May 2023 11:45:14 -0700

mahiki jones created SPARK-43388:
------------------------------------

             Summary: Latest docker Spark image has critical CVE
                 Key: SPARK-43388
                 URL: https://issues.apache.org/jira/browse/SPARK-43388
             Project: Spark
          Issue Type: Bug
          Components: Spark Docker
    Affects Versions: 3.4.0
            Reporter: mahiki jones
         Attachments: spark-docker.CVE-everywhere.png


I pulled the latest spark 3.4.0 image from dockerhub, on 2023-04-28 and found 
after scanning on docker desktop that there are several critical CVE found (see 
screenshot).

It seems like some changes to github actions are needed to rebuild with updated 
dependencies on a regular cadence.

 

Notes:

Original project issue: https://issues.apache.org/jira/browse/SPARK-40513

[https://hub.docker.com/r/apache/spark/tags]

https://github.com/apache/spark-docker/actions

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (SPARK-43388) Latest docker Spark image has critical CVE

Reply via email to