[ https://issues.apache.org/jira/browse/SPARK-55398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18063670#comment-18063670 ]
Holden Karau commented on SPARK-55398:
--------------------------------------
We normally don't file CVEs to the public tracker. [~isaacpe15], can you reach
out to private@ with details if you believe Spark is impacted? If it's just a
"we should upgrade since this will be flagged by automated scanners that don't
know better", leaving it as a Jira is probably fine.
> CVE-2025-67721 Bump io.airlift:aircompressor
> --------------------------------------------
>
> Key: SPARK-55398
> URL: https://issues.apache.org/jira/browse/SPARK-55398
> Project: Spark
> Issue Type: Dependency upgrade
> Components: SQL
> Affects Versions: 4.0.2, 4.2.0, 4.1.1
> Reporter: Isaac
> Priority: Minor
>
> There is a vulnerability in the *io.airlift:aircompressor* library
> [https://nvd.nist.gov/vuln/detail/CVE-2025-67721]
>
> It would be necessary to migrate to the v3 version of the library
> (https://mvnrepository.com/artifact/io.airlift/aircompressor-v3)