cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
cancel
Showing results for 
Search instead for 
Did you mean: 

⬆ Bump IPython to 7.31.1

merca
Valued Contributor II

Any plans to bump IPython version to 7.31.1 on the DBR 9.1 LTS runtime?

If no other motivation

1 ACCEPTED SOLUTION

Accepted Solutions

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ , We’ve already upgraded ipython to 7.32.0 for MLR 11.0, which should have the patch. We’re also planning to upgrade it in the upcoming MLR 10.5.

We also plan to upgrade ipython to a patched version in DBR 10.5 and 11.0, and will not update existing runtimes.

View solution in original post

14 REPLIES 14

Kaniz
Community Manager
Community Manager

Hi @ merca ! Thanks for your question! Let's see if your peers in the community have an answer to your question first. Or else I will get back to you soon. Thanks.

merca
Valued Contributor II

@Kaniz Fatma​ : looks like there is a spamming bot in here... Any functionality to report this kind of stuff?

Anonymous
Not applicable

@Merca Ovnerud​ - Yep. It was awful. I'm sorry I wasn't able to get to it sooner. We are working on better solutions. Thank you for letting us know.

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ , The following release notes provide information about Databricks Runtime 9.1 LTS and Databricks Runtime 9.1 LTS Photon, powered by Apache Spark 3.1.2. Databricks released these images in September 2021. Photon is in Public Preview.

System environment

  • Operating System: Ubuntu 20.04.3 LTS
  • Java: Zulu 8.56.0.21-CA-linux64
  • Scala: 2.12.10
  • Python: 3.8.8
  • R: 4.1.1
  • Delta Lake: 1.0.0

See Databricks Runtime 9.1 LTS maintenance updates.

merca
Valued Contributor II

Hi @Kaniz Fatma​ .

Thank you for the reply.

It was tough not what I asked. What I really would like to know are you going to plan upgrade iPython to 7,31.1, especially since the current version installed is containing known vulnerabilities.

I'm reading the maintenance notes already every time in hope that the bump is already in place.

-Merca-

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ ,

Thank you for reaching out!

Let us look into this for you, and we'll circle back with an update.

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ ,

We don't upgrade IPython versions on runtime once it is released unless there’s a major security risk/perf reason. Even the latest DBR 10.3 is still using IPython 7.22.0, and the yet-to-be-released DBR 11.x is planned to use IPython 7.29.0.

May I know what features do you seek from IPython 7.31.1?

I think you may be able to use notebook scope libraries if you want to use the upgraded IPython version, but pls note that there could be feature incompatibilities with DBX notebooks.

merca
Valued Contributor II

Great, but again - as in my original question I do point out that there is known security risk in the iPython version 7.22.0 and it is patched in 7.31.1

Maybe the link is not easy to see, but here is link to annonced vureneabilty

or if you prefer full links in the comment: https://github.com/advisories/GHSA-pq7m-3gw7-gq5x

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ ​ , Thank you for bringing this to our attention.

We're working on it.

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ , We’ve already upgraded ipython to 7.32.0 for MLR 11.0, which should have the patch. We’re also planning to upgrade it in the upcoming MLR 10.5.

We also plan to upgrade ipython to a patched version in DBR 10.5 and 11.0, and will not update existing runtimes.

merca
Valued Contributor II

Hi @Kaniz Fatma​ !

I just checked DBR 10.5 release notes and the IPython version listed there is 7.22.0 installed, but the version that is patched for this security issue is 7.31.1 Did I misread your last comment that it will be upgraded to safe version in DBR 10.5?

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​, The following release notes provide information about Databricks Runtime 10.5, powered by Apache Spark™ 3.2.1. Databricks released these images in May 2022.

merca
Valued Contributor II

exactly - I'm pointing to the same release notes. Notes states that the IPython version is 7.22.0 not 7.31.1

image

Kaniz
Community Manager
Community Manager

Hi @Merca Ovnerud​ , We haven't heard from you since my last response, and I was checking to see if my suggestions helped you.

Also, please don't forget to click the "Select as Best" button" whenever the information provided helps resolve your question.

Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.