[
https://issues.apache.org/jira/browse/SPARK-56227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18085100#comment-18085100
]
Akira Ajisaka commented on SPARK-56227:
---------------------------------------
This is an important fix and should be included in at least 3.5.9.
Reason: [CVE-2025-55039|https://github.com/advisories/GHSA-6p6v-m64v-jx8q]
advises users to configure TLS or AES-GCM instead of AES-CTR, and since TLS is
not in 3.x, Spark 3.5.x users are required to configure AES-GCM. However, it
currently doesn't work in Spark on YARN.
> Fix GcmTransportCipher to correctly handle multiple messages per channel
> ------------------------------------------------------------------------
>
> Key: SPARK-56227
> URL: https://issues.apache.org/jira/browse/SPARK-56227
> Project: Spark
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.5.8, 4.1.1
> Reporter: Akira Ajisaka
> Priority: Major
> Labels: pull-request-available
>
> AES-GCM for RPC encryption was introduced by SPARK-47172; however, the
> feature now doesn't correctly handle multiple messages per channel. In a YARN
> application, the auth handshake succeeds but all post-auth RPC messages are
> dropped or corrupted, leaving the channel hung until YARN kills the container.