You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Reuben Kuhnert (JIRA)" <ji...@apache.org> on 2015/11/19 17:42:10 UTC

[jira] [Updated] (HIVE-12469) Bump Commons-Collections dependency from 3.2.1 to 3.2.2. to address vulnerability

     [ https://issues.apache.org/jira/browse/HIVE-12469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Reuben Kuhnert updated HIVE-12469:
----------------------------------
    Description: Currently the commons-collections (3.2.1) library allows for invocation of arbitrary code through {{InvokerTransformer}}, need to bump the version of commons-collections from 3.2.1 to 3.2.2 to resolve this issue.

> Bump Commons-Collections dependency from 3.2.1 to 3.2.2. to address vulnerability
> ---------------------------------------------------------------------------------
>
>                 Key: HIVE-12469
>                 URL: https://issues.apache.org/jira/browse/HIVE-12469
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Reuben Kuhnert
>            Assignee: Reuben Kuhnert
>            Priority: Blocker
>
> Currently the commons-collections (3.2.1) library allows for invocation of arbitrary code through {{InvokerTransformer}}, need to bump the version of commons-collections from 3.2.1 to 3.2.2 to resolve this issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)