Github user ambauma commented on the issue:

    https://github.com/apache/spark/pull/19528
  
    I have a release in my fork for my immediate needs.  However, Spark 1.6 is 
still included in Hortonworks and is default in Cloudera.  This patch addresses 
CVE-2017-7678.  Some companies in strict regulatory environments may fail 
audits and be forced to remove Spark 1.6 if it is not patched.  Rather than 
keeping security patches in forks, I think it makes sense to merge them back 
into the mainline for branches that are still in active use.  That way if I get 
hit by a bus and CVE-2018-XXXX comes out, CVE-2017-7678 will already be covered 
and the work will not need to be duplicated.

