advised by many security teams.
Thanks,
Balaji
From: Sean Owen
Sent: 28 January 2025 18:53
To: Balaji Sudharsanam V
Cc: dev
Subject: [EXTERNAL] Re: Spark 4.0 vulnerable with hive-metastore-2.3.x.jar
versions
If you use vulnerable code in your application, sure, you might be exposed
to its vulnerability. That's a problem for the application rather than
Spark.
Here I am asking if you know of a reason this CVE affects Spark usage,
because you're asking about mitigating it. I'm first establishing whether
From: Sean Owen
Sent: 28 January 2025 10:31
To: Balaji Sudharsanam V
Cc: Mich Talebzadeh ; dev
Subject: [EXTERNAL] Re: Spark 4.0 vulnerable with hive-metastore-2.3.x.jar
versions
Can you connect the CVE to Spark? Spark does not run a Hive metastore itself
nor use Hive for executing queries
> Thanks,
> Balaji
>
> *From:* Mich Talebzadeh
> *Sent:* 27 January 2025 20:41
> *To:* Sean Owen
> *Cc:* Balaji Sudharsanam V ;
> dev@spark.apache.org
> *Subject:* [EXTERNAL] Re: Spark 4.0 vulnerable with
> hive-metastore-2.3.x.jar
can be a different discussion.
As long as Spark contains a vulnerable jar in its packaging, it is good to
address this.
Thanks,
Balaji
From: Mich Talebzadeh
Sent: 27 January 2025 20:41
To: Sean Owen
Cc: Balaji Sudharsanam V ; dev@spark.apache.org
Subject: [EXTERNAL] Re: Spark 4.0 vulnerabl
> *Nicholas T. Marion*
> Senior AI and Analytics Development Lead | IBM zDNN Product Owner
> IBM
>
> *From: *Mich Talebzadeh
> *Date: *Monday, January 27, 2025 at 10:11 AM
> *To: *Sean O
From: Mich Talebzadeh
Date: Monday, January 27, 2025 at 10:11 AM
To: Sean Owen
Cc: Balaji Sudharsanam V , dev@spark.apache.org
Subject: [EXTERNAL] Re: Spark 4.0 vulnerable with hive-metastore-2.3.x.jar
versions
To answer your question, I did not read this CVE, but I am responding
solely from my previous experiences with vulnerabilities and the thread owner
implications, having used Spark in conjunction with Spark for many years.
Mich Talebzadeh,
Architect | Data Science | Financial Crime | Forensic Analy
Mich: did you read the CVE? I'm not clear, as this contains no reference to
the Hive functionality that is affected, or how it might relate to a
metastore. Please explain. Otherwise this looks like a generic AI-generated
response with no particularly relevant content. "In summary"...
On Mon, Jan 2
I think the thread owner's point is valid. The default use of the Hive
Metastore by Spark further gives credence to the importance of addressing
this Hive vulnerability to ensure the security and reliability of Spark
applications. I use Hive as the default metastore for Spark as well. Spark
relies
It looks like that affects Hive, and not the metastore. I do not see that
it is relevant to Spark at first glance.
On Mon, Jan 27, 2025 at 1:21 AM Balaji Sudharsanam V
wrote:
> Hi All,
>
> There is a vulnerability with ‘High’ severity found in the *Apache Spark
> 3.x and 4.0.0 preview (2) relea