You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Ranith Sardar (Jira)" <ji...@apache.org> on 2021/10/25 13:13:00 UTC
[jira] [Work started] (HIVE-25639) Exclude tomcat-embed-core from
libthrift
[ https://issues.apache.org/jira/browse/HIVE-25639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on HIVE-25639 started by Ranith Sardar.
--------------------------------------------
> Exclude tomcat-embed-core from libthrift
> ----------------------------------------
>
> Key: HIVE-25639
> URL: https://issues.apache.org/jira/browse/HIVE-25639
> Project: Hive
> Issue Type: Bug
> Components: Thrift API
> Reporter: Ranith Sardar
> Assignee: Ranith Sardar
> Priority: Major
>
> After Thrift dependency up-gradation to 0.14.1 to fix a known CVE but a dependency issue in libthrift brings in tomcat-embed-core which has many vulnerabilities. See: THRIFT-5375
> Since this dependency is used in Thrift only for a test we can safely exclude it inside Hive.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)