CarterFendley commented on PR #50647: URL: https://github.com/apache/spark/pull/50647#issuecomment-2833587270
Hey sorry, just getting back to this now after a busy week. Apologies for the delay, thanks for all the comments. @dongjoon-hyun I am a little confused. The [CVE has been publicly announced on April 1st](https://nvd.nist.gov/vuln/detail/CVE-2025-30065), the work done to patch the [parquet-java package was done in private in March](https://github.com/apache/parquet-java/pull/3169). Would you still like me to remove mention of the CVE even though it is public now? Just want to make sure. With respect to this: > Is this based on the official Apache Parquet community CVE announcement? No, there are some threads on the [community mailing list](https://lists.apache.org/list?d...@parquet.apache.org:lte=1M:CVE) but this just in reaction to the CVE announcement. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org
