Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pyarrow version range to address vulnerability CVE-2023-47248 #249

Open
serhio-k opened this issue Nov 22, 2023 · 3 comments
Open

Update pyarrow version range to address vulnerability CVE-2023-47248 #249

serhio-k opened this issue Nov 22, 2023 · 3 comments
Assignees
@caveness
Labels
stat:awaiting tensorflower type:feature

Comments

@serhio-k
Copy link

serhio-k commented Nov 22, 2023
edited
Loading

Hi,

current pyarrow dependency version is set to pyarrow>=10,<11. However, there is a known vulnerability in pyarrow with the CVE-2023-47248.
I'd like to propose bumping the pyarrow version to a range of pyarrow>=14.0.1,<15, which should include the necessary fix for the aforementioned vulnerability. This version range should not introduce compatibility issues while ensuring we are using a secure version of the library.
@singhniraj08 singhniraj08 self-assigned this Nov 28, 2023
@singhniraj08
Copy link

@serhio-k,

Thank you for bringing up this feature request. We will discuss on updating the pyarrow version dependency internally and update this thread. Thank you!

@singhniraj08 singhniraj08 removed their assignment Dec 1, 2023
@Natielle
Copy link

Is there some update about this? Can I help in any way with this issue?

@dev-pinheiro
Copy link

Is there some update?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@caveness caveness

Labels
stat:awaiting tensorflower type:feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@caveness @Natielle @serhio-k @dev-pinheiro @singhniraj08