Actually, that page is about something different: that page lists
security advisories in previous versions of Spark itself, while KMBL
are sharing the fact that there are advisories for dependencies of
pyspark.

On Mon, Nov 18, 2024 at 5:16 PM vaquar khan <vaquar.k...@gmail.com> wrote:
>
> Hi Kamal,
> Please check the Apache Spark security advisory; all critical issues are mentioned here.
>
> https://spark.apache.org/security.html
>
>
> Regards,
> Vaquar khan
>
> On Mon, Nov 18, 2024, 9:37 AM Arnout Engelen <enge...@apache.org> wrote:
>>
>> Hello Kamal et al,
>>
>> Thank you for your message! In the future, please don't use 
>> secur...@spark.apache.org for reports such as this one: if there is an 
>> advisory for a dependency, more often than not, the dependency is not used 
>> in a way that is impacted by the advisory. As such we don't consider reports 
>> such as the one you attached as sensitive. You can read more about this at 
>> https://security.apache.org/report-dependency/ .
>>
>> I see you also sent your message to the public dev@spark.apache.org 
>> mailing list. Indeed discussing how to deal with dependency updates would be 
>> on-topic for that list. That said, we do expect a collaborative attitude: as 
>> a leading bank, if these issues are important to you, it would be great if 
>> you can allocate some engineering time to participate productively in this 
>> project. Unfortunately it seems like your email didn't arrive on the 
>> dev@spark.apache.org list. I suspect it may have been rejected because of 
>> the attachment.
>>
>>
>> Kind regards,
>>
>> Arnout Engelen
>>
>>
>> On Mon, Nov 11, 2024 at 10:47 AM Kamal R (Consumer Bank, KMBL) via security 
>> <secur...@apache.org> wrote:
>>>
>>> Hi Apache Team,
>>>
>>> If you could please respond to our query or point us to the right point of 
>>> contact, that would be quite helpful.
>>>
>>> Regards,
>>>
>>> Kamal
>>>
>>> From: Sidhartha Topcharla (Consumer Bank, KMBL) 
>>> <sidhartha.topcha...@kotak.com>
>>> Date: Friday, 8 November 2024 at 11:22 AM
>>> To: secur...@spark.apache.org <secur...@spark.apache.org>, Jayraj Chopda 
>>> (Corporate, KMBL) <jayraj.cho...@kotak.com>
>>> Cc: dev@spark.apache.org <dev@spark.apache.org>, Kamal R (Consumer Bank, 
>>> KMBL) <kamal.rat...@kotak.com>
>>> Subject: Re: Vulnerabilities found on pyspark
>>>
>>> @Jayraj Chopda (Corporate, KMBL)
>>>
>>> From: Sidhartha Topcharla (Consumer Bank, KMBL) 
>>> <sidhartha.topcha...@kotak.com>
>>> Date: Wednesday, 6 November 2024 at 1:04 PM
>>> To: secur...@spark.apache.org <secur...@spark.apache.org>
>>> Cc: dev@spark.apache.org <dev@spark.apache.org>, Kamal R (Consumer Bank, 
>>> KMBL) <kamal.rat...@kotak.com>
>>> Subject: Vulnerabilities found on pyspark
>>>
>>> Hello Folks,
>>>
>>> I am Sidhartha Topcharla, working with Kotak Mahindra Bank. We are a 
>>> leading private bank in India, with a customer base of around 300M.
>>>
>>> We are using pyspark: "^3.5.2" on our production environment. Our 
>>> vulnerability scanner has identified the issues below within the Spark jars. Being 
>>> a highly regulated entity, handling these issues is very critical for us.
>>>
>>> It would be great if you could let us know whether these issues are already identified 
>>> and fixed.
>>>
>>> Looking forward to your reply.
>>>
>>> Thanks and Regards,
>>>
>>> Sidhartha T
>>>
>>
>>
>>
>> --
>> Arnout Engelen
>> ASF Security Response
>> Apache Pekko PMC member, ASF Member
>> NixOS Committer
>> Independent Open Source consultant



-- 
Arnout Engelen
ASF Security Response
Apache Pekko PMC member, ASF Member
NixOS Committer
Independent Open Source consultant
