Aggarwal-Raghav opened a new pull request, #5172: URL: https://github.com/apache/hive/pull/5172
### What changes were proposed in this pull request? There are dependency like accumulo and slf4j bringing log4j vulnerable jars in dependency tree. There are few dependencies also which don't appear in dependecy tree but are bringing old and vulnerable log4j. This can be observed in local m2 repo cache. ### Why are the changes needed? For CVE's and security reasons. ### Does this PR introduce _any_ user-facing change? NO ### Is the change a dependency upgrade? Yes, here is new dependency tree: [new-dependency-tree.txt](https://github.com/apache/hive/files/14803154/new-dependency-tree.txt) ### How was this patch tested? Will see the UT from CI -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
