Github user dongjoon-hyun commented on the issue:
https://github.com/apache/spark/pull/22992
@mingwandroid . If you are worrying about the real issues, could you lend
us your hand, please? Reopening the issue with the valid reproducible case is
always welcome.
Apache Spark community do seriously care about the correct CVE report, and
provide backports.
- http://spark.apache.org/security.html
Alarming real risks is the only way to make people happy. We should not
make people surprise with wrong reasons. Apache Spark issues and commits are
precious resources. Not only you, all downstream are affected. So, we are
trying to do our best to deliver only the correct patch.
If we cry `Wolf, Wolf` for incorrect situation repeatedly, Apache Spark
security alert's credibility will go down gradually (and seriously eventually).
Nobody believes Spark's security alart in the future.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
