You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Abhay (Jira)" <ji...@apache.org> on 2021/11/12 22:24:00 UTC

[jira] [Assigned] (HIVE-25696) Hive - Upgrade Spring framework to 5.3.10+/5.2.17+ due to CVE-2021-22118, CVE-2021-22096

     [ https://issues.apache.org/jira/browse/HIVE-25696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Abhay reassigned HIVE-25696:
----------------------------


> Hive - Upgrade Spring framework to 5.3.10+/5.2.17+ due to CVE-2021-22118, CVE-2021-22096
> ----------------------------------------------------------------------------------------
>
>                 Key: HIVE-25696
>                 URL: https://issues.apache.org/jira/browse/HIVE-25696
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Abhay
>            Assignee: Abhay
>            Priority: Major
>
> Hive is currently pulling in 4.3.29, which is unsupported and vulnerable. Please upgrade to 5.2.17+/5.3.10+
> Also, the spring framework is being used as part of the testutils, so we can reduce the scope of the dependency to test.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)