You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2022/05/28 10:06:00 UTC

[jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488

     [ https://issues.apache.org/jira/browse/HIVE-24500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sylwester Lachiewicz updated HIVE-24500:
----------------------------------------
    Fix Version/s: 4.0.0-alpha-1

> Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
> -----------------------------------------------------------
>
>                 Key: HIVE-24500
>                 URL: https://issues.apache.org/jira/browse/HIVE-24500
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>            Reporter: Sai Hemanth Gantasala
>            Assignee: Sai Hemanth Gantasala
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.0.0-alpha-1
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Hive is pulling in log4j 2.12.1 specifically to:
>  * ./usr/lib/hive/lib/log4j-core-2.12.1.jar
> CVE-2020-9488 affects this version and the fix is to upgrade to 2.13.2+. So, upgrade this dependency.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)