You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/10/12 10:08:06 UTC
[GitHub] [flink] 645775992 opened a new pull request, #21031: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3
645775992 opened a new pull request, #21031:
URL: https://github.com/apache/flink/pull/21031
### What happened?
There are 1 security vulnerabilities found in org.apache.hive:hive-exec 3.1.2
- [CVE-2021-34538](https://www.oscs1024.com/hd/CVE-2021-34538)
### What did I do?
Upgrade org.apache.hive:hive-exec from 3.1.2 to 3.1.3 for vulnerability fix
### What did you expect to happen?
Ideally, no insecure libs should be used.
### The specification of the pull request
[PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot commented on pull request #21031: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3
Posted by GitBox <gi...@apache.org>.
flinkbot commented on PR #21031:
URL: https://github.com/apache/flink/pull/21031#issuecomment-1275931068
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "17d381b85e0bb0f755240d7514a3debcfde7ac6f",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "17d381b85e0bb0f755240d7514a3debcfde7ac6f",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 17d381b85e0bb0f755240d7514a3debcfde7ac6f UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run azure` re-run the last Azure build
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] zentol commented on pull request #21031: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3
Posted by GitBox <gi...@apache.org>.
zentol commented on PR #21031:
URL: https://github.com/apache/flink/pull/21031#issuecomment-1276030117
The 3.1.3 upgrade is subsumed by https://github.com/apache/flink/pull/20937, and the 2.x upgrade is rejected since it voids the entire purpose of the module (being a 2.x compatible connector).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] zentol closed pull request #21031: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3
Posted by GitBox <gi...@apache.org>.
zentol closed pull request #21031: fix(sec): upgrade org.apache.hive:hive-exec to 3.1.3
URL: https://github.com/apache/flink/pull/21031
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org