Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/10/09 14:49:01 UTC

[GitHub] [flink] ren-jq101 opened a new pull request, #20997: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3

ren-jq101 opened a new pull request, #20997:
URL: https://github.com/apache/flink/pull/20997

   ### What happened?
   There is 1 security vulnerability found in org.apache.hive:hive-exec 2.3.9
   - [CVE-2021-34538](https://www.oscs1024.com/hd/CVE-2021-34538)
   
   
   ### What did I do?
   Upgrade org.apache.hive:hive-exec from 2.3.9 to 3.1.3 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [flink] flinkbot commented on pull request #20997: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3

Posted by GitBox <gi...@apache.org>.
flinkbot commented on PR #20997:
URL: https://github.com/apache/flink/pull/20997#issuecomment-1272559812

   ## CI report:
   
   * ab8ea0b88dcaf06f8249d20945c7f57b904c5c78 UNKNOWN
   
   <details>
   <summary>Bot commands</summary>
     The @flinkbot bot supports the following commands:
   
    - `@flinkbot run azure` re-run the last Azure build
   </details>




[GitHub] [flink] MartijnVisser commented on a diff in pull request #20997: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3

Posted by GitBox <gi...@apache.org>.
MartijnVisser commented on code in PR #20997:
URL: https://github.com/apache/flink/pull/20997#discussion_r990828362


##########
flink-connectors/flink-sql-connector-hive-2.3.9/pom.xml:
##########
@@ -48,7 +45,7 @@ under the License.
 		<dependency>
 			<groupId>org.apache.hive</groupId>
 			<artifactId>hive-exec</artifactId>
-			<version>2.3.9</version>
+			<version>3.1.3</version>
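
Review bot: The `<version>` change to 3.1.3 lands in `flink-sql-connector-hive-2.3.9/pom.xml`, so the module would bundle a hive-exec release that contradicts the version in its own name. Going from 2.3.9 to 3.1.3 is a move to a different major line rather than a patch upgrade, so either keep this module on the 2.x line or make the change in a module whose name matches the version it ships. The hunk header offsets (-48 versus +45) also show three lines removed earlier in the file; confirm that removal is intentional.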

Review Comment:
   @ren-jq101 Thanks for the PR, but it doesn't make much sense to update both connectors to version 3.1.3. Next to that, updating the version numbers is not enough. Since this would effectively drop version 2.3.9 from the codebase, a discussion and vote needs to happen for that on the mailing list. If that vote would pass, there's more than just a version bump in the POM required. It definitely requires changes to the license NOTICE files plus there could be potential code changes required too.





[GitHub] [flink] zentol closed pull request #20997: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3

Posted by GitBox <gi...@apache.org>.
zentol closed pull request #20997: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3
URL: https://github.com/apache/flink/pull/20997

