You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Stamatis Zampetakis (Jira)" <ji...@apache.org> on 2022/09/27 09:03:00 UTC
[jira] [Commented] (HIVE-26568) Upgrade Log4j2 to 2.18.0 due to CVEs
[ https://issues.apache.org/jira/browse/HIVE-26568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17609920#comment-17609920 ]
Stamatis Zampetakis commented on HIVE-26568:
--------------------------------------------
[~ngangam] The description is misleading since CVE-2021-44832 is already addressed. Can you please clarify if there is still a high security risk and update the description accordingly.
> Upgrade Log4j2 to 2.18.0 due to CVEs
> ------------------------------------
>
> Key: HIVE-26568
> URL: https://issues.apache.org/jira/browse/HIVE-26568
> Project: Hive
> Issue Type: Bug
> Affects Versions: 3.1.2
> Reporter: Naveen Gangam
> Assignee: Naveen Gangam
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> High security vulnerability in Log4J - CVE-2021-44832 bundled with Hive
--
This message was sent by Atlassian Jira
(v8.20.10#820010)