Hello, Xerces, used as xercesImpl-2.9.1.jar in spark-2.4.5-bin-hadoop2.7.tgz, contain a security vulnerability ( https://nvd.nist.gov/vuln/detail/CVE-2018-2799). As this vulnerability is fixed starting Xerces 2.12, does someone know if there is any plan to move to this newer version?
In case I reached the wrong mailing list, does someone know to which one I could sent such question? Regards, Anthony Poncet
