[ https://issues.apache.org/jira/browse/SPARK-35518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Louis DEFLANDRE updated SPARK-35518: ------------------------------------ Description: Vulnerabilities scanner is highlighting following CRITICAL vulnerabilities in {{spark-3.0.2-bin-hadoop3.2}} coming from obsolete {{log4j_log4j}} {{1.2.17}} : * [CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571] This package is shipped within {{jars/log4j-1.2.17.jar}} was: Vulnerabilities scanner is highlighting following CRITICAL vulnerabilities in `spark-3.0.2-bin-hadoop3.2` coming from obsolete `log4j_log4j` `1.2.17` : * [CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571] This package is shipped within `jars/log4j-1.2.17.jar` > Critical Vulnerabilities: log4j_log4j 1.2.17 shipped > ---------------------------------------------------- > > Key: SPARK-35518 > URL: https://issues.apache.org/jira/browse/SPARK-35518 > Project: Spark > Issue Type: Bug > Components: Build > Affects Versions: 3.0.2 > Reporter: Louis DEFLANDRE > Priority: Major > > Vulnerabilities scanner is highlighting following CRITICAL vulnerabilities in > {{spark-3.0.2-bin-hadoop3.2}} coming from obsolete {{log4j_log4j}} {{1.2.17}} > : > * [CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571] > This package is shipped within {{jars/log4j-1.2.17.jar}} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org