Github user srowen commented on the issue:
https://github.com/apache/spark/pull/16888
Updating to 4.0.44 should be fine (though, we got bit even by a maintenance
update behavior change a while ago) but apparently that doesn't include the
security fix in question. That said, it's not clear what the security issue is
or whether it affects Spark -- can we start with that?
Updating to 4.1.x is probably a good idea, eventually, even if it's not
necessary, but it will require some care and testing. It sounds like this
should be marked as `[WIP]` and doesn't work yet. If it's troublesome we may
not proceed with this.
CC @zsxwing
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
