srowen commented on issue #27746: [SPARK-30994][CORE] Update xerces to 2.12.0 URL: https://github.com/apache/spark/pull/27746#issuecomment-593176962 @kiszk hm, good point. I think the sbt build doesn't seem to pick this up for some reason? I see 2.9.1 in `sbt dependencyList`. I'll have to look into that a bit more, esp. if this means it somehow affects the Pyspark artifacts. @dongjoon-hyun it's probably reasonable to move to supporting just one latest Hadoop 2.x version in the foreseeable future, yes. I think that's somewhat separate. @holdenk yeah the motivation for this particular library is the security issue, and this narrow change could for example back port to 2.4.x, though at this point it's not clear if the possible security issue highlighted in the release notes can affect Spark or how much. It may start popping up as part of automatic scans.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
