You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/02/09 21:54:00 UTC

[jira] [Work logged] (HIVE-25945) Upgrade H2 database version to 2.1.210

     [ https://issues.apache.org/jira/browse/HIVE-25945?focusedWorklogId=724102&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-724102 ]

ASF GitHub Bot logged work on HIVE-25945:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Feb/22 21:53
            Start Date: 09/Feb/22 21:53
    Worklog Time Spent: 10m 
      Work Description: zabetak opened a new pull request #3012:
URL: https://github.com/apache/hive/pull/3012


   ### Why are the changes needed?
   The 1.3.166 version suffers from the following security vulnerabilities:
   https://nvd.nist.gov/vuln/detail/CVE-2021-42392
   https://nvd.nist.gov/vuln/detail/CVE-2022-23221
   
   In the project, we use H2 only for testing purposes (inside the jdbc-handler module) thus the H2 binaries are not present in the runtime classpath thus these CVEs do not pose a problem for Hive or its users.
   
   Nevertheless, it would be good to upgrade to a more recent version to avoid Hive coming up in vulnerability scans due to this.
   
   ### Does this PR introduce _any_ user-facing change?
   No
   
   ### How was this patch tested?
   Existing tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 724102)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade H2 database version to 2.1.210
> --------------------------------------
>
>                 Key: HIVE-25945
>                 URL: https://issues.apache.org/jira/browse/HIVE-25945
>             Project: Hive
>          Issue Type: Task
>          Components: Testing Infrastructure
>            Reporter: Stamatis Zampetakis
>            Assignee: Stamatis Zampetakis
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The 1.3.166 version, which is in use in Hive, suffers from the following security vulnerabilities:
> https://nvd.nist.gov/vuln/detail/CVE-2021-42392
> https://nvd.nist.gov/vuln/detail/CVE-2022-23221
> In the project, we use H2 only for testing purposes (inside the jdbc-handler module) thus the H2 binaries are not present in the runtime classpath thus these CVEs do not pose a problem for Hive or its users. Nevertheless, it would be good to upgrade to a more recent version to avoid Hive coming up in vulnerability scans due to this.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)