Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-43388

Latest docker Spark image has critical CVE

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • 3.4.0
    • None
    • Spark Docker
    • None

    Description

      I pulled the latest spark 3.4.0 image from dockerhub, on 2023-04-28 and found after scanning on docker desktop that there are several critical CVE found (see screenshot).

      It seems like some changes to github actions are needed to rebuild with updated dependencies on a regular cadence.

       

      Notes:

      Original project issue: https://issues.apache.org/jira/browse/SPARK-40513

      https://hub.docker.com/r/apache/spark/tags

      https://github.com/apache/spark-docker/actions

       

      Attachments

        1. spark-docker.CVE-everywhere.png
          234 kB
          mahiki jones

        Activity

          People

            Unassigned Unassigned
            mahiki mahiki jones
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: