Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2021/04/29 13:10:38 UTC

[GitHub] [spark] bhupeshdhiman84 opened a new pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

bhupeshdhiman84 opened a new pull request #32398:
URL: https://github.com/apache/spark/pull/32398


   Hi All,
   
   This is my first time here. I have upgraded the hive version from 2.3.7 to 2.3.8.
   
   ### What changes were proposed in this pull request?
   I have upgraded the hive version from 2.3.7 to 2.3.8
   
   ### Why are the changes needed?
   
   Following is the open Jira ticket
   https://issues.apache.org/jira/browse/SPARK-34458
   Apache hive version 2.3.7 used by spark-hive (version 3.0.1) has the following CVEs, as reported by our security team.
   CVE-2017-12625, CVE-2015-1772, CVE-2016-3083, CVE-2018-11777, CVE-2014-0228
   Please upgrade apache hive libraries to a higher version with no known security risks.
   
   
   ### Does this PR introduce _any_ user-facing change?
   Not sure. This will allow users to use the 2.3.8 hive version with the security patch.
   
   
   ### How was this patch tested?
   I have done a new clean build. Please let me know if I need to do any additional tests on it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] srowen commented on pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

Posted by GitBox <gi...@apache.org>.
srowen commented on pull request #32398:
URL: https://github.com/apache/spark/pull/32398#issuecomment-829244775


   This would have to start in master, not 3.0.
   But it was updated already in https://issues.apache.org/jira/browse/SPARK-33696 in 3.2 / master so at least it should be connected to the JIRA, but, I think we'd back-port the change to master, not make a new one.
   
   @wangyum was there any reason not to back port this?




[GitHub] [spark] wangyum commented on pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

Posted by GitBox <gi...@apache.org>.
wangyum commented on pull request #32398:
URL: https://github.com/apache/spark/pull/32398#issuecomment-829723137


   @bhupeshdhiman84 These CVEs should have been fixed by Hive 2.3.7?
   
   @srowen Upgrading Hive to 2.3.8 is to upgrade Avro and Parquet. Some changes may have compatibility issues. For example: https://github.com/apache/hive/commit/312bc4088280633322c5acb8c8b97aadc19527ff and https://github.com/apache/hive/commit/2b3d4c921a5185cf546f7642aae55394d3f7b13b. All changes: https://github.com/apache/hive/compare/rel/release-2.3.7...rel/release-2.3.8.
   
   




[GitHub] [spark] dongjoon-hyun commented on pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on pull request #32398:
URL: https://github.com/apache/spark/pull/32398#issuecomment-830706462


   Well, when it comes to security, I'd like to recommend using Apache Spark 3.1.1, which has more of the latest other patches together. What is the blocker for you, @bhupeshdhiman84, from using Apache Spark 3.1.1?




[GitHub] [spark] dongjoon-hyun closed pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun closed pull request #32398:
URL: https://github.com/apache/spark/pull/32398


   




[GitHub] [spark] dongjoon-hyun commented on pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on pull request #32398:
URL: https://github.com/apache/spark/pull/32398#issuecomment-851117258


   Hi, All.
   
   According to the above discussion, I'll close this PR for now.
   
   BTW, Apache Spark 3.1.2 is available, @bhupeshdhiman84 .
   - https://downloads.apache.org/spark/spark-3.1.2/
   - https://spark.apache.org/docs/3.1.2/




[GitHub] [spark] AmplabJenkins commented on pull request #32398: [WIP] hive version upgraded from 2.3.7 to 2.3.8

Posted by GitBox <gi...@apache.org>.
AmplabJenkins commented on pull request #32398:
URL: https://github.com/apache/spark/pull/32398#issuecomment-829244691


   Can one of the admins verify this patch?

