You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Ranith Sardar (Jira)" <ji...@apache.org> on 2021/10/25 13:13:00 UTC

[jira] [Work started] (HIVE-25639) Exclude tomcat-embed-core from libthrift

     [ https://issues.apache.org/jira/browse/HIVE-25639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on HIVE-25639 started by Ranith Sardar.
--------------------------------------------
> Exclude tomcat-embed-core from libthrift
> ----------------------------------------
>
>                 Key: HIVE-25639
>                 URL: https://issues.apache.org/jira/browse/HIVE-25639
>             Project: Hive
>          Issue Type: Bug
>          Components: Thrift API
>            Reporter: Ranith Sardar
>            Assignee: Ranith Sardar
>            Priority: Major
>
> After Thrift dependency up-gradation to 0.14.1 to fix a known CVE but a dependency issue in libthrift brings in tomcat-embed-core which has many vulnerabilities. See: THRIFT-5375
> Since this dependency is used in Thrift only for a test we can safely exclude it inside Hive.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)