
[ENH] - Release pyspark-notebook with spark 3.2.3 containing fix for CVE-2022-42889 #1838

Closed

Description

What docker image(s) is this feature applicable to?

pyspark-notebook

What changes are you proposing?

Spark 3.2.3 has been released which contains a fix for CVE-2022-42889.
apache/spark#38352

The fix has also been applied to 3.3.1 but 3.3.2 will not be released until Feb/March.
apache/spark#38262 (comment)

Even though this CVE is not harmful, internal alarms/notifications are a continuous bother.
Is it possible to release an image of pyspark-notebook with 3.2.3? This will allow me to switch to this image and clear all the alarms.

How does this affect the user?

Continuous alert notifications will bother multiple users, and a fix will allow shutting them off.

Anything else?

No response


Labels

- tag:Upstream: A problem with one of the upstream packages installed in the docker images
- type:Enhancement: A proposed enhancement to the docker images
