Github user srowen commented on the issue:
https://github.com/apache/spark/pull/18789
@ash211 I still don't think this should be described as a CVE fix, because
it doesn't appear to affect Spark. It is, however, going to be necessary for
Scala 2.12. To me that's the most real motivation here.
I tried this change in my scala 2.12 branch and found I needed to do a bit
more:
https://github.com/apache/spark/pull/18645/files#diff-07fec5b101338c859a2f08f3801a5bd8
`jackson-module-scala` also needed to update to 2.6.7.1 because that's the
first version that has a 2.12 artifact. So I used the 'databind' property there
as well. Ideally, just make that change here too and then it aligns with what
2.12 needs anyway.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
