[SPARK-43388] Latest docker Spark image has critical CVE - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: 3.4.0
Fix Version/s: None
Component/s: Spark Docker
Labels:
None

Description

I pulled the latest spark 3.4.0 image from dockerhub, on 2023-04-28 and found after scanning on docker desktop that there are several critical CVE found (see screenshot).

It seems like some changes to github actions are needed to rebuild with updated dependencies on a regular cadence.

Notes:

Original project issue: https://issues.apache.org/jira/browse/SPARK-40513

https://hub.docker.com/r/apache/spark/tags

https://github.com/apache/spark-docker/actions

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

spark-docker.CVE-everywhere.png
05/May/23 18:44
234 kB
mahiki jones

Activity

People

Assignee:: Unassigned

Reporter:: mahiki jones

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/May/23 18:44

Updated:: 29/May/23 16:34

Resolved:: 29/May/23 16:34