You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by kg...@apache.org on 2021/12/15 09:12:47 UTC
[hive] branch master updated: HIVE-25804: Update log4j2 version to 2.16.0 to incorporate further CVE-2021-44228 hardening (#2874) (Csaba Juhász reviewed by Zoltan Haindrich)
This is an automated email from the ASF dual-hosted git repository.
kgyrtkirk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 6f29c1a HIVE-25804: Update log4j2 version to 2.16.0 to incorporate further CVE-2021-44228 hardening (#2874) (Csaba Juhász reviewed by Zoltan Haindrich)
6f29c1a is described below
commit 6f29c1acf04fa1f1b84a6fb86f92bdc65b584567
Author: csjuhasz-c <66...@users.noreply.github.com>
AuthorDate: Wed Dec 15 10:12:38 2021 +0100
HIVE-25804: Update log4j2 version to 2.16.0 to incorporate further CVE-2021-44228 hardening (#2874) (Csaba Juhász reviewed by Zoltan Haindrich)
---
pom.xml | 2 +-
standalone-metastore/pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 710c1be..2fb29f6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -178,7 +178,7 @@
<!-- Leaving libfb303 at 0.9.3 regardless of libthrift: As per THRIFT-4613 The Apache Thrift project does not publish items related to fb303 at this point -->
<libfb303.version>0.9.3</libfb303.version>
<libthrift.version>0.14.1</libthrift.version>
- <log4j2.version>2.15.0</log4j2.version>
+ <log4j2.version>2.16.0</log4j2.version>
<mariadb.version>2.5.0</mariadb.version>
<mssql.version>6.2.1.jre8</mssql.version>
<mysql.version>8.0.27</mysql.version>
diff --git a/standalone-metastore/pom.xml b/standalone-metastore/pom.xml
index bd331e3..34cdaab 100644
--- a/standalone-metastore/pom.xml
+++ b/standalone-metastore/pom.xml
@@ -91,7 +91,7 @@
<junit.vintage.version>5.6.2</junit.vintage.version>
<libfb303.version>0.9.3</libfb303.version>
<libthrift.version>0.14.1</libthrift.version>
- <log4j2.version>2.15.0</log4j2.version>
+ <log4j2.version>2.16.0</log4j2.version>
<mockito-core.version>3.3.3</mockito-core.version>
<orc.version>1.6.9</orc.version>
<!-- com.google repo will be used except on Aarch64 platform. -->