Hi Sean, I am looking for fixing the vulnerabilities such as these in the 3.0.X branch.
1) CVE-2019-17531 2)CVE-2020-9480 3)CVE-2019-0204 Rajesh Krishnamurthy | Enterprise Architect T: +1 510-833-7189 | M: +1 925-917-9208 http://www.perforce.com Visit us on: Twitter<https://nam12.safelinks.protection.outlook.com/?url=https://twitter.com/perforce&data=04%7c01%7crkrishnamur...@perforce.com%7C67639f41e2f0452b409608d96814840a%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637655259607389020%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=66YlLKPkoZeh1CyMFzjEG8eFva8EmsPSvRqUFtEf960=&reserved=0> | LinkedIn<https://nam12.safelinks.protection.outlook.com/?url=https://www.linkedin.com/company/perforce?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link&data=04%7c01%7crkrishnamur...@perforce.com%7C785c930f82dc42cdee2b08d98e9b8d5d%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637697621028603583%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=03F8rlgn5xcYUU3pEkCe85X+Bs4q/WfHlXCne+MshaI=&reserved=0> | Facebook<https://nam12.safelinks.protection.outlook.com/?url=https://www.facebook.com/perforce/?utm_leadsource=email-signature&utm_source=outlook-direct-email&utm_medium=email&utm_campaign=2019-common&utm_content=email-signature-link&data=04%7c01%7crkrishnamur...@perforce.com%7C785c930f82dc42cdee2b08d98e9b8d5d%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637697621028603583%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000&sdata=Jlq031LQ06isyWhiwRQSrTiJnjEZzUc38nULB2yIt5w=&reserved=0> On Feb 14, 2022, at 1:52 PM, Sean Owen <sro...@gmail.com<mailto:sro...@gmail.com>> wrote: What vulnerabilities are you referring to? I'm not aware of any critical outstanding issues, but not sure what you have in mind either. See https://spark.apache.org/versioning-policy.html<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspark.apache.org%2Fversioning-policy.html&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=hFpqIT9rnZhmvSIgWQkqx5SsppiZ61CYgJzfKyYzGy4%3D&reserved=0> - 3.0.x is EOL about now, which doesn't mean there can't be another release, but would not generally expect one. On Mon, Feb 14, 2022 at 3:48 PM Rajesh Krishnamurthy <rkrishnamur...@perforce.com<mailto:rkrishnamur...@perforce.com>> wrote: Hi Sean, Thanks for the response. Does the community have any plans of fixing any vulnerabilities that have been identified in the 3.0.3 version? Do you have any fixed date that 3.0.x is going to be EOL? Rajesh Krishnamurthy | Enterprise Architect T: +1 510-833-7189 | M: +1 925-917-9208 http://www.perforce.com<http://www.perforce.com/> Visit us on: Twitter<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fperforce&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=JfbqWgdPMLqKTi4R30jFCejBtjbNj%2B%2F4paZz87SRxNI%3D&reserved=0> | LinkedIn<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fperforce%3Futm_leadsource%3Demail-signature&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=nknKNJ6Zn%2Bh2WkC2IJ3nS2fkjKBJRMBqX3Sn7XeU%2FJg%3D&reserved=0> | Facebook<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fperforce%2F%3Futm_leadsource%3Demail-signature&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=kkWBd7OMHaH6zpo2p6D2TFtj%2FjzrUMmHvthrWgKrvXg%3D&reserved=0> On Feb 11, 2022, at 3:09 PM, Sean Owen <sro...@gmail.com<mailto:sro...@gmail.com>> wrote: 3.0.x is about EOL now, and I hadn't heard anyone come forward to push a final maintenance release. Is there a specific issue you're concerned about? On Fri, Feb 11, 2022 at 4:24 PM Rajesh Krishnamurthy <rkrishnamur...@perforce.com<mailto:rkrishnamur...@perforce.com>> wrote: Hi there, We are just wondering if there are any agenda by the Spark community to actively engage development activities on the 3.0.x path. I know we have the latest version of Spark with 3.2.x, but we are just wondering if any development plans to have the vulnerabilities fixed on the 3.0.x path that were identified on the 3.0.3 version, so that we don’t need to migrate to next major version(3.1.x in this case), but at the same time all the vulnerabilities fixed within the minor version upgrade(eg:3.0.x) Rajesh Krishnamurthy | Enterprise Architect T: +1 510-833-7189 | M: +1 925-917-9208 http://www.perforce.com<http://www.perforce.com/> Visit us on: Twitter<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fperforce&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=JfbqWgdPMLqKTi4R30jFCejBtjbNj%2B%2F4paZz87SRxNI%3D&reserved=0> | LinkedIn<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fperforce%3Futm_leadsource%3Demail-signature&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=nknKNJ6Zn%2Bh2WkC2IJ3nS2fkjKBJRMBqX3Sn7XeU%2FJg%3D&reserved=0> | Facebook<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fperforce%2F%3Futm_leadsource%3Demail-signature&data=04%7C01%7Crkrishnamurthy%40perforce.com%7C76e603a3a65f4995de7608d9f0044ec4%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637804723570591827%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=kkWBd7OMHaH6zpo2p6D2TFtj%2FjzrUMmHvthrWgKrvXg%3D&reserved=0> This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately. CAUTION: This email originated from outside of the organization. Do not click on links or open attachments unless you recognize the sender and know the content is safe. This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately. CAUTION: This email originated from outside of the organization. Do not click on links or open attachments unless you recognize the sender and know the content is safe. This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.
