Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-25762

Upgrade guava version in spark dependency lists due to CVE issue

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 2.2.1, 2.2.2, 2.3.1, 2.3.2
    • None
    • Spark Core
    • None

    Description

      In spark2.x dependency list we have guava-14.0.1.jar. However there are lot vulnerabilities exists in this version.eg. CVE-2018-10237

      https://www.cvedetails.com/cve/CVE-2018-10237/

      Do we have any solution to resolve it or is there any plan to upgrade guava version any of the spark's future release?

      Attachments

        Issue Links

          duplicates

          Dependency upgrade - Upgrading a dependency to a newer version SPARK-23897 Guava version

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          is related to

          Sub-task - The sub-task of the issue SPARK-44811 Upgrade Guava to 33.2.1-jre

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              bcrec.debojyoti Debojyoti
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: