  1. Spark
  2. SPARK-24229

Upgrade to the latest Apache Thrift 0.10.0 release

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Not A Problem
    • Affects Version/s: 2.3.0
    • Fix Version/s: None
    • Component/s: Java API
    • Labels: None

    Description

      According to https://www.cvedetails.com/cve/CVE-2016-5397/ there are critical vulnerabilities in libthrift 0.9.3 currently vendored in Apache Spark (and then, for us, into PySpark).

      Can anyone help to assess the seriousness of this and what should be done about it?

          People

            Assignee: Unassigned
            Reporter: Ray Donnelly
            Votes: 0
            Watchers: 6
