You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Dmitriy Fingerman (Jira)" <ji...@apache.org> on 2022/09/23 13:37:00 UTC

[jira] [Commented] (HIVE-24299) hive-ql guava versions and vulnerabilities

    [ https://issues.apache.org/jira/browse/HIVE-24299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608748#comment-17608748 ] 

Dmitriy Fingerman commented on HIVE-24299:
------------------------------------------

I tried to upgrade guava in Hive project to the latest version 31.1-jre, but the upgrade didn't work.
In the past other people tried this as well, and it didn't work.
Should be tried after Hadoop upgrade to 3.3.x line which shades guava and makes things simpler.

> hive-ql guava versions and vulnerabilities
> ------------------------------------------
>
>                 Key: HIVE-24299
>                 URL: https://issues.apache.org/jira/browse/HIVE-24299
>             Project: Hive
>          Issue Type: Improvement
>          Components: hpl/sql
>    Affects Versions: 3.1.2
>            Reporter: openlookeng
>            Assignee: Dmitriy Fingerman
>            Priority: Blocker
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> hive-ql shades google's guava 19.0 component, but have vulnerabilities CVE-2018-10237, do team have plan to update it ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)