You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Raghav Aggarwal (Jira)" <ji...@apache.org> on 2022/12/13 16:23:00 UTC

[jira] [Assigned] (HIVE-26841) Upgrade avatica to 1.22.0

     [ https://issues.apache.org/jira/browse/HIVE-26841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Raghav Aggarwal reassigned HIVE-26841:
--------------------------------------


> Upgrade avatica to 1.22.0
> -------------------------
>
>                 Key: HIVE-26841
>                 URL: https://issues.apache.org/jira/browse/HIVE-26841
>             Project: Hive
>          Issue Type: Improvement
>    Affects Versions: 4.0.0-alpha-2
>            Reporter: Raghav Aggarwal
>            Assignee: Raghav Aggarwal
>            Priority: Major
>
> To resolve {{CVE-2022-36364 Avatica needs to be upgraded.}}
>  Apache Calcite Avatica JDBC driver {{httpclient_impl}} connection property can be used as an RCE vector. Users of previous versions of Avatica MUST upgrade to mitigate this vulnerability. For more info please see the entry in the CVE database: [CVE-2022-36364|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36364].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)