<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Does CVE-2020-13949 (vulnerability) affect the data plane and its security patch is included in Databricks 10.4 LTS? in Administration &amp; Architecture</title>
    <link>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5154#M30</link>
    <description>&lt;P&gt;Hi @Jimin Hsieh​&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope everything is going great.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Just wanted to check in if you were able to resolve your issue. If yes, would you be happy to mark an answer as best so that other members can find the solution more quickly? If not, please tell us so we can help you.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Cheers!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;</description>
    <pubDate>Mon, 01 May 2023 05:58:06 GMT</pubDate>
    <dc:creator>Anonymous</dc:creator>
    <dc:date>2023-05-01T05:58:06Z</dc:date>
    <item>
      <title>Does CVE-2020-13949 (vulnerability) affect the data plane and its security patch is included in Databricks 10.4 LTS?</title>
      <link>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5152#M28</link>
      <description>&lt;P&gt;Here is the previous discussion.&lt;/P&gt;
&lt;P&gt;&lt;A href="https://community.databricks.com/s/question/0D58Y0000ACcIv2SQF/does-thrift-only-exist-in-databrick-control-plane" target="test_blank"&gt;https://community.databricks.com/s/question/0D58Y0000ACcIv2SQF/does-thrift-only-exist-in-databrick-control-plane&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have the following questions.&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;Does CVE-2020-13949 affect the data plane or not?&lt;/LI&gt;
&lt;LI&gt;Do you know from which version of Databricks runtime you begin to have the patch for this vulnerability? Or is it confirmed that the patch for this vulnerability is included in Databricks runtime 10.4 LTS?&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;Thanks.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 18 Mar 2025 16:46:56 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5152#M28</guid>
      <dc:creator>JH</dc:creator>
      <dc:date>2025-03-18T16:46:56Z</dc:date>
    </item>
    <item>
      <title>Re: Does CVE-2020-13949 (vulnerability) affect the data plane and its security patch is included in Databricks 10.4 LTS?</title>
      <link>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5153#M29</link>
      <description>&lt;P&gt;@Jimin Hsieh​&amp;nbsp;:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;CVE-2020-13949 is a vulnerability in the Apache Thrift library, which is used in the Databricks control plane to manage clusters and other resources. Therefore, it does not directly affect the data plane of Databricks clusters. However, as a security vulnerability in a component used by the control plane, it could potentially be used to compromise the security of the entire Databricks environment if left unpatched.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Databricks has released patches for this vulnerability and recommends that users update to a version that includes the patch. The patch is included in Databricks Runtime 7.3 and later versions. It is not clear whether the patch is included in Databricks Runtime 10.4 LTS specifically, as the LTS versions may have additional backported security fixes. I recommend reaching out to Databricks support to confirm the patch status for your specific use case.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 28 Apr 2023 17:49:25 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5153#M29</guid>
      <dc:creator>Anonymous</dc:creator>
      <dc:date>2023-04-28T17:49:25Z</dc:date>
    </item>
    <item>
      <title>Re: Does CVE-2020-13949 (vulnerability) affect the data plane and its security patch is included in Databricks 10.4 LTS?</title>
      <link>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5154#M30</link>
      <description>&lt;P&gt;Hi @Jimin Hsieh​&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope everything is going great.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Just wanted to check in if you were able to resolve your issue. If yes, would you be happy to mark an answer as best so that other members can find the solution more quickly? If not, please tell us so we can help you.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Cheers!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 01 May 2023 05:58:06 GMT</pubDate>
      <guid>https://community.databricks.com/t5/administration-architecture/does-cve-2020-13949-vulnerability-affect-the-data-plane-and-its/m-p/5154#M30</guid>
      <dc:creator>Anonymous</dc:creator>
      <dc:date>2023-05-01T05:58:06Z</dc:date>
    </item>
  </channel>
</rss>

