yuriymalygin opened a new pull request, #6480: URL: https://github.com/apache/hive/pull/6480
Apache Hive currently depends on Apache Log4j Core versions affected by CVE-2026-34480. The vulnerability affects XmlLayout in Log4j Core up to version 2.25.3. Malformed XML output may be produced when log messages contain characters forbidden by XML 1.0 specification. Depending on the StAX implementation, this can result in: - invalid XML logs rejected by downstream log processing systems - silent log event loss - exceptions during logging operations Upstream fix is available in Log4j Core 2.25.4 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
