[SPARK-32723] Upgrade to jQuery 3.5.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 3.1.0
Component/s: Spark Core
Labels:
- Security

Description

Spark 3.0, Spark 2.4.x uses JQuery version < 3.5 which has known security vulnerability in Spark Master UI and Spark Worker UI.

Can we please upgrade JQuery to 3.5 and above ?

https://www.tenable.com/plugins/nessus/136929

According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Attachments

Issue Links

links to

[Github] Pull Request #29902 (peter-toth)

[Github] Pull Request #29922 (n-marion)

Activity

People

Assignee:: Peter Toth

Reporter:: Ashish Kumar Singh

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 28/Aug/20 06:09

Updated:: 01/Oct/20 15:21

Resolved:: 01/Oct/20 04:30