[
https://issues.apache.org/jira/browse/HIVE-25795?focusedWorklogId=694435&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-694435
]
ASF GitHub Bot logged work on HIVE-25795:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 11/Dec/21 16:15
Start Date: 11/Dec/21 16:15
Worklog Time Spent: 10m
Work Description: cnauroth commented on a change in pull request #2863:
URL: https://github.com/apache/hive/pull/2863#discussion_r767168936
##########
File path: bin/hive-config.sh
##########
@@ -68,3 +68,7 @@ export HIVE_AUX_JARS_PATH=$HIVE_AUX_JARS_PATH
# Default to use 256MB
export HADOOP_HEAPSIZE=${HADOOP_HEAPSIZE:-256}
+
+# Disable the JNDI. This feature has critical REC vulnerability.
Review comment:
Small nitpick on a typo: "RCE" instead of "REC".
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 694435)
Time Spent: 2h 20m (was: 2h 10m)
> [CVE-2021-44228] Update log4j2 version to 2.15.0
> ------------------------------------------------
>
> Key: HIVE-25795
> URL: https://issues.apache.org/jira/browse/HIVE-25795
> Project: Hive
> Issue Type: Bug
> Components: Logging
> Reporter: Nikhil Gupta
> Assignee: Nikhil Gupta
> Priority: Critical
> Labels: pull-request-available
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> [Worst Apache Log4j RCE Zero day Dropped on Internet - Cyber
> Kendra|https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html]
> Vulnerability:
> https://github.com/apache/logging-log4j2/commit/7fe72d6
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
