New Contributor
Posts: 5
Registered: 10-10-2017
Accepted Solution

Removing Spark1.6

We're using CDH 5.12.1 currently, which ships with Spark1.6. We have deployed Spark2.3 on the cluster, which is the distribution that we're actively using, and is working fine.


However, this does mean that we've got Spark1.6 binaries on our servers. Our security scans have picked these up as a vulnerability and we'd like to go ahead and remove them.


I'm wondering if anyone has attempted something like this before? If so, do they have any advice regarding it? I was simply going to have a look at what Spark1.6 files there are, then write a script that looped through our cluster and removed those files.


If someone has a more "official" way of doing things, that would be preferable. I'm more than aware that my proposal wouldn't exactly be supported.


As a follow-up, have the Spark1.6 binaries been removed from more recent CDH versions?

Cloudera Employee
Posts: 1
Registered: 02-05-2018

Re: Removing Spark1.6

- CVE-2018-8024: doesn’t affect Spark1.6.
- CVE-2018-1334: fixed in CDH5.14.4, CDH5.15.1, CDH5.12.3 and CDH5.16.0. You can upgrade to one of these versions to resolve the issue.