Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/01/30 10:31:00 UTC

[jira] [Work logged] (HIVE-26999) Upgrade MySQL Connector Java due to security CVEs

     [ https://issues.apache.org/jira/browse/HIVE-26999?focusedWorklogId=842235&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-842235 ]

ASF GitHub Bot logged work on HIVE-26999:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Jan/23 10:30
            Start Date: 30/Jan/23 10:30
    Worklog Time Spent: 10m 
      Work Description: devaspatikrishnatri opened a new pull request, #3996:
URL: https://github.com/apache/hive/pull/3996

   
   ### What changes were proposed in this pull request?
   <!--
   Upgrade MySQL Connector Java to 8.0.31 due to security CVE
   -->
   
   
   ### Why are the changes needed?
   <!--
   To Fix CVEs.
   -->
   
   
   ### Does this PR introduce _any_ user-facing change?
   <!--
   No
   -->
   
   
   ### How was this patch tested?
   <!--
   I built hive locally and checked the dependency tree, thereafter the required changes were made and hive was again rebuilt successfully. Upon again checking the dependency tree the versions were shown correctly.
   -->
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 842235)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade MySQL Connector Java  due to security CVEs
> --------------------------------------------------
>
>                 Key: HIVE-26999
>                 URL: https://issues.apache.org/jira/browse/HIVE-26999
>             Project: Hive
>          Issue Type: Task
>            Reporter: Devaspati Krishnatri
>            Assignee: Devaspati Krishnatri
>            Priority: Major
>         Attachments: tree.txt
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The following CVEs impact older versions of [MySQL Connector Java|https://mvnrepository.com/artifact/mysql/mysql-connector-java]
>  * *CVE-2021-3711* - Critical - Impacts all versions up to (including) 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-3711])
>  * *CVE-2021-3712* - High - Impacts all versions up to (including) 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-37112)|https://nvd.nist.gov/vuln/detail/CVE-2021-3711]
>  * *CVE-2021-44531* - High - Impacts all versions up to (including) 8.0.28 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-44531])
>  * *CVE-2022-21824* - High - Impacts all versions up to (including) 8.0.28 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2022-21824])
> Recommendation: *Upgrade* [*MySQL Connector Java*|https://mvnrepository.com/artifact/mysql/mysql-connector-java]  *to*  [*8.0.31*|https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.31] *or above*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)