You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Reuben Kuhnert (JIRA)" <ji...@apache.org> on 2015/11/19 17:42:10 UTC
[jira] [Updated] (HIVE-12469) Bump Commons-Collections dependency
from 3.2.1 to 3.2.2. to address vulnerability
[ https://issues.apache.org/jira/browse/HIVE-12469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Reuben Kuhnert updated HIVE-12469:
----------------------------------
Description: Currently the commons-collections (3.2.1) library allows for invocation of arbitrary code through {{InvokerTransformer}}, need to bump the version of commons-collections from 3.2.1 to 3.2.2 to resolve this issue.
> Bump Commons-Collections dependency from 3.2.1 to 3.2.2. to address vulnerability
> ---------------------------------------------------------------------------------
>
> Key: HIVE-12469
> URL: https://issues.apache.org/jira/browse/HIVE-12469
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Reporter: Reuben Kuhnert
> Assignee: Reuben Kuhnert
> Priority: Blocker
>
> Currently the commons-collections (3.2.1) library allows for invocation of arbitrary code through {{InvokerTransformer}}, need to bump the version of commons-collections from 3.2.1 to 3.2.2 to resolve this issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)