You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hive.apache.org by sa...@apache.org on 2021/12/23 05:16:29 UTC

[hive] branch master updated: HIVE-25825: Upgrade log4j 2.16.0 to 2.17.0+ due to CVE-2021-45105 (Renjianting, reviewed by Sankar Hariappan)

This is an automated email from the ASF dual-hosted git repository.

sankarh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 9857c4e5 HIVE-25825: Upgrade log4j 2.16.0 to 2.17.0+ due to CVE-2021-45105 (Renjianting, reviewed by Sankar Hariappan)
9857c4e5 is described below

commit 9857c4e584384f7b0a49c34bc2bdf876c2ea1503
Author: 任建亭 <22...@qq.com>
AuthorDate: Thu Dec 23 13:16:07 2021 +0800

    HIVE-25825: Upgrade log4j 2.16.0 to 2.17.0+ due to CVE-2021-45105 (Renjianting, reviewed by Sankar Hariappan)
    
    Signed-off-by: Sankar Hariappan <sa...@apache.org>
    Closes (#2901)
---
 pom.xml                      | 2 +-
 standalone-metastore/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 57ca0a6..911b6cf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -178,7 +178,7 @@
     <!-- Leaving libfb303 at 0.9.3 regardless of libthrift: As per THRIFT-4613 The Apache Thrift project does not publish items related to fb303 at this point -->
     <libfb303.version>0.9.3</libfb303.version>
     <libthrift.version>0.14.1</libthrift.version>
-    <log4j2.version>2.16.0</log4j2.version>
+    <log4j2.version>2.17.0</log4j2.version>
     <mariadb.version>2.5.0</mariadb.version>
     <mssql.version>6.2.1.jre8</mssql.version>
     <mysql.version>8.0.27</mysql.version>
diff --git a/standalone-metastore/pom.xml b/standalone-metastore/pom.xml
index 34cdaab..ed9b45c 100644
--- a/standalone-metastore/pom.xml
+++ b/standalone-metastore/pom.xml
@@ -91,7 +91,7 @@
     <junit.vintage.version>5.6.2</junit.vintage.version>
     <libfb303.version>0.9.3</libfb303.version>
     <libthrift.version>0.14.1</libthrift.version>
-    <log4j2.version>2.16.0</log4j2.version>
+    <log4j2.version>2.17.0</log4j2.version>
     <mockito-core.version>3.3.3</mockito-core.version>
     <orc.version>1.6.9</orc.version>
     <!-- com.google repo will be used except on Aarch64 platform. -->