[jira] [Commented] (HIVE-24301) hive-ql thrift versions and vulnerabilities

Sai Hemanth Gantasala (Jira) Thu, 22 Oct 2020 10:46:14 -0700


    [ 
https://issues.apache.org/jira/browse/HIVE-24301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17219232#comment-17219232
 ]


Sai Hemanth Gantasala commented on HIVE-24301:
----------------------------------------------

Hi [~openlookeng], which thrift component are you talking about? libthrift uses 
0.13 and libfb303 uses 0.9.3. And we don't have a lastest libfb303 because of 
this https://issues.apache.org/jira/browse/THRIFT-4613

> hive-ql thrift versions and vulnerabilities
> -------------------------------------------
>
>                 Key: HIVE-24301
>                 URL: https://issues.apache.org/jira/browse/HIVE-24301
>             Project: Hive
>          Issue Type: Improvement
>          Components: hpl/sql
>    Affects Versions: 3.1.2
>            Reporter: openlookeng
>            Priority: Blocker
>
> hive-ql shades thrift 0.9.3 component, but have vulnerabilities of 
> CVE-2018-1320、CVE-2016-5397、CVE-2019-3565、CVE-2018-11798、CVE-2019-3564、CVE-2019-3559、CVE-2019-3558、CVE-2019-3552
>  , do team have plan to update it ?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (HIVE-24301) hive-ql thrift versions and vulnerabilities

Reply via email to