[ https://issues.apache.org/jira/browse/SPARK-24229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sushant Pritmani updated SPARK-24229: ------------------------------------- Comment: was deleted (was: Can we have the latest version of 'libfb303' also? As the current version of `libfb303` uses an old version(0.9.3) of 'libthrift' which has the same vulnerability mentioned above. Thank you.) > Upgrade to the latest Apache Thrift 0.10.0 release > -------------------------------------------------- > > Key: SPARK-24229 > URL: https://issues.apache.org/jira/browse/SPARK-24229 > Project: Spark > Issue Type: Bug > Components: Java API > Affects Versions: 2.3.0 > Reporter: Ray Donnelly > Priority: Critical > > According to [https://www.cvedetails.com/cve/CVE-2016-5397/] > > .. there are critical vulnerabilities in libthrift 0.9.3 currently vendored > in Apache Spark (and then, for us, into PySpark). > > Can anyone help to assess the seriousness of this and what should be done > about it? > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org