Jonathan Hart created SPARK-51795:
-------------------------------------
Summary: Upgrade critical parquet CVE
Key: SPARK-51795
URL: https://issues.apache.org/jira/browse/SPARK-51795
Project: Spark
Issue Type: Improvement
Components: Spark Core
Affects Versions: 3.5.5
Reporter: Jonathan Hart
The parquet version (1.13.1) used by Spark 3.5.5 contains a major CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30065 that allows
remote code execution. It is recommended to upgrade to parquet versions >
1.15.1.
The latest v4.0.0-rc4 has been updated to the latest parquet version, but
ideally it should be backported to the 3.5.x branch.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
