[Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread haibo.w...@morganstanley.com
Hi All

Hope you are doing well.

Writing this email for a vulnerable issue: CVE-2018-14721 apache/spark-py: gav://org.codehaus.jackson:jackson-mapper-asl:1.9.13,CVE-2018-14721,1.8.10-cloudera.2,1.5.0 <= Version <= 1.9.13 We are trying to bring in above image into our firm, but due to the vulne

Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread Sean Owen
What Spark version are you referring to? If it's an unsupported version, no, no plans to update it. What image are you referring to?

On Wed, Dec 14, 2022 at 7:14 AM haibo.w...@morganstanley.com <haibo.w...@morganstanley.com> wrote:

> Hi All
>
> Hope you are doing well.
>
> Writing this e

RE: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread haibo.w...@morganstanley.com
Thanks Owen for prompt response

sorry, forgot to mention, it’s latest spark version 3.3.1

Both below spark-py image or pypi are good to use for us, but both have same Jackson-mapper-asl dependencies.

https://hub.docker.com/layers/apache/spark-py/3.3.1/images/sha256-0d4fd8bcb2ad63a35c9ba5be278a3a

Re: [EXTERNAL] Re: [Spark vulnerability] replace jackson-mapper-asl

2022-12-14 Thread Sean Owen
The CVE you mention seems to affect jackson-databind, not jackson-mapper-asl. 3.3.1 already uses databind 2.13.x which is not affected.

On Wed, Dec 14, 2022 at 8:20 AM haibo.w...@morganstanley.com <haibo.w...@morganstanley.com> wrote:

> Thanks Owen for prompt response
>
> sorry, forgot to menti
