[jira] [Updated] (SPARK-43388) Latest docker Spark image has critical CVE

mahiki jones (Jira) Fri, 05 May 2023 11:45:24 -0700


     [ 
https://issues.apache.org/jira/browse/SPARK-43388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


mahiki jones updated SPARK-43388:
---------------------------------
    Attachment: spark-docker.CVE-everywhere.png

> Latest docker Spark image has critical CVE
> ------------------------------------------
>
>                 Key: SPARK-43388
>                 URL: https://issues.apache.org/jira/browse/SPARK-43388
>             Project: Spark
>          Issue Type: Bug
>          Components: Spark Docker
>    Affects Versions: 3.4.0
>            Reporter: mahiki jones
>            Priority: Major
>         Attachments: spark-docker.CVE-everywhere.png
>
>
> I pulled the latest spark 3.4.0 image from dockerhub, on 2023-04-28 and found 
> after scanning on docker desktop that there are several critical CVE found 
> (see screenshot).
> It seems like some changes to github actions are needed to rebuild with 
> updated dependencies on a regular cadence.
>  
> Notes:
> Original project issue: https://issues.apache.org/jira/browse/SPARK-40513
> [https://hub.docker.com/r/apache/spark/tags]
> https://github.com/apache/spark-docker/actions
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (SPARK-43388) Latest docker Spark image has critical CVE

Reply via email to