RE: CVE-2022-42889

2022-10-27 Thread Pastrana, Rodrigo (RIS-BCT)
y, October 27, 2022 12:37 PM To: Sean Owen Cc: Pastrana, Rodrigo (RIS-BCT) ; dev@spark.apache.org Subject: Re: CVE-2022-42889

RE: CVE-2022-42889

2022-10-27 Thread Pastrana, Rodrigo (RIS-BCT)
Thanks again Sean! From: Sean Owen Sent: Thursday, October 27, 2022 11:56 AM To: Pastrana, Rodrigo (RIS-BCT) Cc: dev@spark.apache.org Subject: Re: CVE-2022-42889

RE: CVE-2022-42889

2022-10-27 Thread Pastrana, Rodrigo (RIS-BCT)
2022-42889 here: https://spark.apache.org/security.html (likely because Spark determined it is not affected?) From: Sean Owen Sent: Thursday, October 27, 2022 10:27 AM To: Pastrana, Rodrigo (RIS-BCT) Cc: dev@spark.apache.org Subject: Re: CVE-2022-42889

CVE-2022-42889

2022-10-27 Thread Pastrana, Rodrigo (RIS-BCT)
Hello, This issue (SPARK-40801) which addresses CVE-2022-42889 doesn't seem to have been included in the latest release (3.3.1). Is there a way to estimate a timeline for the first relea

RE: 3.3.1 Release

2022-10-27 Thread Pastrana, Rodrigo (RIS-BCT)
Great! Thank you! From: Dongjoon Hyun Sent: Tuesday, October 25, 2022 6:08 PM To: Pastrana, Rodrigo (RIS-BCT) Cc: dev@spark.apache.org Subject: Re: 3.3.1 Release

3.3.1 Release

2022-10-25 Thread Pastrana, Rodrigo (RIS-BCT)
Thanks to all involved with the 3.3.1 release. Is there a target date for the official release? Thanks! [VOTE][RESULT] Release Spark 3.3.1 (RC4) The vote passes with 11 +1s (6 binding +1s). Thanks to all who helped with the release! (* = binding) +1: - Sean Owen (*) - Yang,Jie - Dongjoon Hyun (*

Root group membership

2022-06-08 Thread Rodrigo
Hi Everyone, My Security team has raised concerns about the requirement for root group membership for Spark running on Kubernetes. Does anyone know the reasons for that requirement, how insecure it is, and any alternatives if at all? Thanks, Rodrigo