Runtime images include vulnerable Pyarrow version

Open cdagraca opened this issue 1 year ago • 2 comments

13.3-LTS and 14.3-LTS both still use pyarrow 8.0.0, which contains CVE-2023-47248. It appears this has been patched for actual runtime environments but not for the corresponding docker images.

cdagraca, Mar 25 '24 17:03

Since there is no fix for docker images, pyarrow_hotfix is the only option for the moment.

serhio-k, Apr 08 '24 20:04

I have a fork of 13.3-LTS with working library upgrades for ubuntu (python, dbfuse, standard). I can do the same for 14.3-LTS. I'm just having trouble working out how to build and test all of the other images so I can raise a PR.

cdagraca, Apr 09 '24 08:04
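
A build-time check for the exposure discussed in this thread, as an added example that is not part of the issue or of the image repository: it reports whether the pyarrow in an image falls in the CVE-2023-47248 affected range (0.14.0 through 14.0.0, fixed in 14.0.1) and whether `pyarrow_hotfix` is present. The function names and status strings are assumptions made for illustration.

```python
"""Added example: gate an image build on CVE-2023-47248 exposure."""
import re
from importlib import metadata

# Affected range as published for CVE-2023-47248: 0.14.0 through 14.0.0.
AFFECTED_MIN = (0, 14, 0)
AFFECTED_MAX = (14, 0, 0)


def parse_version(text):
    """Return the numeric release as a 3-tuple, e.g. '8.0.0.dev1' -> (8, 0, 0)."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the version lies inside the affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def installed_version(dist):
    """Version of an installed distribution, or None when it is absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def assess(pyarrow_version, hotfix_installed):
    """Classify an environment (status strings are hypothetical labels)."""
    if pyarrow_version is None:
        return "not-installed"
    if not is_affected(pyarrow_version):
        return "patched"
    # The hotfix only takes effect once `import pyarrow_hotfix` has run.
    return "mitigated-if-imported" if hotfix_installed else "vulnerable"


def assess_environment():
    """Assess the interpreter this script runs in, e.g. inside the image."""
    hotfix = installed_version("pyarrow-hotfix") is not None
    return assess(installed_version("pyarrow"), hotfix)


if __name__ == "__main__":
    status = assess_environment()
    print(status)
    raise SystemExit(1 if status == "vulnerable" else 0)
```

Run inside the image as a build step, it exits non-zero only when an affected pyarrow is installed without the hotfix package.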