You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hive.apache.org by Stamatis Zampetakis <za...@gmail.com> on 2022/06/17 13:32:27 UTC

Re: [DISCUSS] Remove Druid dependency from Hive

Hi Simhadri,

Thanks for starting this discussion Simhadri.

I am cc'ing the user list as well so that we have a better idea if there
are any active users.

Personally I am not that familiar with the Druid module.
* Is it currently broken?
* Do we have active tests?
* Does it need significant effort to update the Druid version?

Best,
Stamatis

On Thu, Jun 16, 2022 at 10:33 AM SG <si...@gmail.com> wrote:

> Hello Everyone,The last commits related to druid were around early
> 2020[1]Since
> then the version of Druid used by hive has remained the same 0.17.1[2]Druid
> version 0.17.1 has a significant number of CVEs
> <https://mvnrepository.com/artifact/org.apache.druid/druid/0.17.1>
> associated
> with it and some of which allow remote code execution.If no one is
> maintaining it or plan to do so in near future, Can we remove it from our
> code?Thoughts?-Simhadri[1]
>
> https://github.com/apache/hive/search?o=desc&q=druid&s=committer-date&type=commits
> [2]
>
> https://github.com/apache/hive/blob/0033675057a60d0a05a252854455e2b8835e89cc/pom.xml#L127
>