You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/02/09 21:54:00 UTC
[jira] [Work logged] (HIVE-25945) Upgrade H2 database version to 2.1.210
[ https://issues.apache.org/jira/browse/HIVE-25945?focusedWorklogId=724102&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-724102 ]
ASF GitHub Bot logged work on HIVE-25945:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Feb/22 21:53
Start Date: 09/Feb/22 21:53
Worklog Time Spent: 10m
Work Description: zabetak opened a new pull request #3012:
URL: https://github.com/apache/hive/pull/3012
### Why are the changes needed?
The 1.3.166 version suffers from the following security vulnerabilities:
https://nvd.nist.gov/vuln/detail/CVE-2021-42392
https://nvd.nist.gov/vuln/detail/CVE-2022-23221
In the project, we use H2 only for testing purposes (inside the jdbc-handler module) thus the H2 binaries are not present in the runtime classpath thus these CVEs do not pose a problem for Hive or its users.
Nevertheless, it would be good to upgrade to a more recent version to avoid Hive coming up in vulnerability scans due to this.
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
Existing tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 724102)
Remaining Estimate: 0h
Time Spent: 10m
> Upgrade H2 database version to 2.1.210
> --------------------------------------
>
> Key: HIVE-25945
> URL: https://issues.apache.org/jira/browse/HIVE-25945
> Project: Hive
> Issue Type: Task
> Components: Testing Infrastructure
> Reporter: Stamatis Zampetakis
> Assignee: Stamatis Zampetakis
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The 1.3.166 version, which is in use in Hive, suffers from the following security vulnerabilities:
> https://nvd.nist.gov/vuln/detail/CVE-2021-42392
> https://nvd.nist.gov/vuln/detail/CVE-2022-23221
> In the project, we use H2 only for testing purposes (inside the jdbc-handler module) thus the H2 binaries are not present in the runtime classpath thus these CVEs do not pose a problem for Hive or its users. Nevertheless, it would be good to upgrade to a more recent version to avoid Hive coming up in vulnerability scans due to this.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)