[nifi] branch main updated: NIFI-10384 Upgraded Avatica to 1.22.0 for Hive 3

Thu, 01 Sep 2022 09:44:26 -0700 

This is an automated email from the ASF dual-hosted git repository.

thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 6350829676 NIFI-10384 Upgraded Avatica to 1.22.0 for Hive 3
6350829676 is described below

commit 6350829676df8e06350174e3c65749a8a322bdca
Author: exceptionfactory <[email protected]>
AuthorDate: Mon Aug 22 15:38:21 2022 -0500

    NIFI-10384 Upgraded Avatica to 1.22.0 for Hive 3
    
    Signed-off-by: Nathan Gough <[email protected]>
    
    This closes #6323.
---
 nifi-dependency-check-maven/suppressions.xml | 5 +++++
 nifi-nar-bundles/nifi-hive-bundle/pom.xml    | 7 +++++++
 2 files changed, 12 insertions(+)

diff --git a/nifi-dependency-check-maven/suppressions.xml 
b/nifi-dependency-check-maven/suppressions.xml
index 02b12ca644..4397a9a5a3 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -149,6 +149,11 @@
         <packageUrl 
regex="true">^pkg:maven/org\.apache\.calcite\/calcite-druid@.*$</packageUrl>
         <cve>CVE-2020-13955</cve>
     </suppress>
+    <suppress>
+        <notes>CVE-2020-13955 applies to Apache Calcite Core not Apache 
Calcite Avatica subproject</notes>
+        <packageUrl 
regex="true">^pkg:maven/org\.apache\.calcite\.avatica\/avatica(-metrics)?@.*$</packageUrl>
+        <cve>CVE-2020-13955</cve>
+    </suppress>
     <suppress>
         <notes>OpenTSDB vulnerabilities do not apply to HBase Async 
library</notes>
         <packageUrl 
regex="true">^pkg:maven/org\.hbase/asynchbase@.*$</packageUrl>
diff --git a/nifi-nar-bundles/nifi-hive-bundle/pom.xml 
b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
index a276cf7b36..d31ad02b5a 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
@@ -61,6 +61,12 @@
                 <artifactId>calcite-core</artifactId>
                 <version>${calcite.version}</version>
             </dependency>
+            <!-- Override Apache Calcite Avatica subproject version for Hive 3 
-->
+            <dependency>
+                <groupId>org.apache.calcite.avatica</groupId>
+                <artifactId>avatica</artifactId>
+                <version>${avatica.version}</version>
+            </dependency>
             <!-- Override snakeyaml:1.17 -->
             <dependency>
                 <groupId>org.yaml</groupId>
@@ -113,6 +119,7 @@
         <hive12.hadoop.version>2.6.2</hive12.hadoop.version>
         <hive3.version>3.1.3</hive3.version>
         <hive.version>${hive3.version}</hive.version>
+        <avatica.version>1.22.0</avatica.version>
         <calcite.version>1.31.0</calcite.version>
         <calcite.avatica.version>1.6.0</calcite.avatica.version>
     </properties>

Reply via email to