[
https://issues.apache.org/jira/browse/SPARK-47766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongjoon Hyun resolved SPARK-47766.
-----------------------------------
Resolution: Invalid
This is superseded by SPARK-45393 and SPARK-49550 for Apache Spark 4.0.0.
> Extend spark 3.5.1 to support hadoop-client-api 3.4.0,
> hadoop-client-runtime-3.4.0
> ----------------------------------------------------------------------------------
>
> Key: SPARK-47766
> URL: https://issues.apache.org/jira/browse/SPARK-47766
> Project: Spark
> Issue Type: Bug
> Components: PySpark
> Affects Versions: 3.5.1
> Reporter: Ramakrishna
> Priority: Blocker
> Labels: pull-request-available
>
> We have some HIGH CVEs which are coming from hadoop-client-runtime 3.3.4, and
> hence we need to address those.
>
> com.fasterxml.jackson.core:jackson-databind causing
> *CVE-2022-42003* and *CVE-2022-42004*
> (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar)
>
>
> com.google.protobuf:protobuf-java
> (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing
> *CVE-2021-22569*, *CVE-2021-22570*, *CVE-2022-3509* and *CVE-2022-3510*
>
> net.minidev:json-smart
> causing *CVE-2021-31684*, *CVE-2023-1370*
> (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar)
>
>
> org.apache.avro:avro
> (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar) causing
> *CVE-2023-39410*
>
>
> org.apache.commons:commons-compress causing *CVE-2024-25710*,
> *CVE-2024-26308*
> (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar)
>
>
> Most of these have gone in hadoop client runtime 3.4.0.
>
> Is there a plan to support hadoop 3.4.0?