Raghav Aggarwal created HIVE-26841:
--------------------------------------
Summary: Upgrade avatica to 1.22.0
Key: HIVE-26841
URL: https://issues.apache.org/jira/browse/HIVE-26841
Project: Hive
Issue Type: Improvement
Affects Versions: 4.0.0-alpha-2
Reporter: Raghav Aggarwal
Assignee: Raghav Aggarwal
To resolve {{CVE-2022-36364 Avatica needs to be upgraded.}}
Apache Calcite Avatica JDBC driver {{httpclient_impl}} connection property can
be used as an RCE vector. Users of previous versions of Avatica MUST upgrade to
mitigate this vulnerability. For more info please see the entry in the CVE
database:
[CVE-2022-36364|http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36364].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
