[jira] [Created] (SPARK-20393) Strengthen Spark to prevent XSS vulnerabilities

2017-04-19 Thread Nicholas Marion (JIRA)
Nicholas Marion created SPARK-20393: --- Summary: Strengthen Spark to prevent XSS vulnerabilities Key: SPARK-20393 URL: https://issues.apache.org/jira/browse/SPARK-20393 Project: Spark Issue

[jira] [Created] (SPARK-29011) Upgrade netty-all to 4.1.39-Final

2019-09-06 Thread Nicholas Marion (Jira)
Nicholas Marion created SPARK-29011: --- Summary: Upgrade netty-all to 4.1.39-Final Key: SPARK-29011 URL: https://issues.apache.org/jira/browse/SPARK-29011 Project: Spark Issue Type:

[jira] [Commented] (SPARK-30466) remove dependency on jackson-mapper-asl-1.9.13 and jackson-core-asl-1.9.13

2020-04-14 Thread Nicholas Marion (Jira)
[ https://issues.apache.org/jira/browse/SPARK-30466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17083270#comment-17083270 ] Nicholas Marion commented on SPARK-30466: - Also there were two more CVEs opened late last year

[jira] [Commented] (SPARK-30466) remove dependency on jackson-mapper-asl-1.9.13 and jackson-core-asl-1.9.13

2020-03-25 Thread Nicholas Marion (Jira)
[ https://issues.apache.org/jira/browse/SPARK-30466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17067300#comment-17067300 ] Nicholas Marion commented on SPARK-30466: - It is worth noting that the following dependencies

[jira] [Created] (SPARK-33695) Bump Jackson to 2.10.5 and databind to 2.10.5.1

2020-12-07 Thread Nicholas Marion (Jira)
Nicholas Marion created SPARK-33695: --- Summary: Bump Jackson to 2.10.5 and databind to 2.10.5.1 Key: SPARK-33695 URL: https://issues.apache.org/jira/browse/SPARK-33695 Project: Spark Issue

[jira] [Updated] (SPARK-33695) Bump Jackson to 2.10.5 and databind to 2.10.5.1

2020-12-07 Thread Nicholas Marion (Jira)
[ https://issues.apache.org/jira/browse/SPARK-33695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicholas Marion updated SPARK-33695: Description: Jackson reported a vulnerability under CVE-2020-25649. The version pulled in

[jira] [Updated] (SPARK-33762) Bump commons-codec to latest version.

2020-12-11 Thread Nicholas Marion (Jira)
[ https://issues.apache.org/jira/browse/SPARK-33762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicholas Marion updated SPARK-33762: Description: Currently Spark pulls in commons-codec version 2.10 which was released 6

[jira] [Commented] (SPARK-33695) Bump Jackson to 2.10.5 and databind to 2.10.5.1

2020-12-11 Thread Nicholas Marion (Jira)
[ https://issues.apache.org/jira/browse/SPARK-33695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17248107#comment-17248107 ] Nicholas Marion commented on SPARK-33695: - [~dongjoon] , As a security issue, would this

[jira] [Created] (SPARK-33762) Bump commons-codec to latest version.

2020-12-11 Thread Nicholas Marion (Jira)
Nicholas Marion created SPARK-33762: --- Summary: Bump commons-codec to latest version. Key: SPARK-33762 URL: https://issues.apache.org/jira/browse/SPARK-33762 Project: Spark Issue Type:

[jira] [Commented] (SPARK-30466) remove dependency on jackson-mapper-asl-1.9.13 and jackson-core-asl-1.9.13

2023-06-26 Thread Nicholas Marion (Jira)
[ https://issues.apache.org/jira/browse/SPARK-30466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17737164#comment-17737164 ] Nicholas Marion commented on SPARK-30466: - Hive 3.x is planned for Spark 4.x; so hopefully that