[jira] [Updated] (SPARK-51795) Upgrade critical parquet CVE

ASF GitHub Bot (Jira) Mon, 14 Apr 2025 10:32:06 -0700


     [ 
https://issues.apache.org/jira/browse/SPARK-51795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated SPARK-51795:
-----------------------------------
    Labels: CVE pull-request-available  (was: CVE)

> Upgrade critical parquet CVE
> ----------------------------
>
>                 Key: SPARK-51795
>                 URL: https://issues.apache.org/jira/browse/SPARK-51795
>             Project: Spark
>          Issue Type: Improvement
>          Components: Spark Core
>    Affects Versions: 3.5.5
>            Reporter: Jonathan Hart
>            Priority: Major
>              Labels: CVE, pull-request-available
>
> The parquet version (1.13.1) used by Spark 3.5.5 contains a major CVE 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30065 that allows 
> remote code execution. It is recommended to upgrade to parquet versions > 
> 1.15.1.
> The latest v4.0.0-rc4 has been updated to the latest parquet version, but 
> ideally it should be backported to the 3.5.x branch.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Updated] (SPARK-51795) Upgrade critical parquet CVE

Reply via email to