[jira] [Work logged] (HIVE-25824) Upgrade branch-2.3 to log4j 2.17.0

Thu, 23 Dec 2021 03:01:06 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-25824?focusedWorklogId=700499&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-700499
 ]

ASF GitHub Bot logged work on HIVE-25824:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Dec/21 11:00
            Start Date: 23/Dec/21 11:00
    Worklog Time Spent: 10m 
      Work Description: elukey opened a new pull request #2908:
URL: https://github.com/apache/hive/pull/2908


   ### What changes were proposed in this pull request?
   
   This change should mimic what done in the 3.x and master branches to fix the 
various CVEs related to log4j.
   
   ### How was this patch tested?
   
   The Apache Bigtop project used the same patch on top of 2.3.6 (released with 
Bigtop 1.5) and all our build/smoke-tests passed.
   More info https://github.com/apache/bigtop/pull/844


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 700499)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade branch-2.3 to log4j 2.17.0
> ----------------------------------
>
>                 Key: HIVE-25824
>                 URL: https://issues.apache.org/jira/browse/HIVE-25824
>             Project: Hive
>          Issue Type: Improvement
>    Affects Versions: 2.3.8
>            Reporter: Luca Toscano
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Hi everybody,
> I am wondering if there are any plans to upgrade branch-2.3 to log4j 2.17.0 
> as it was done in HIVE-25795 (and related).
> In Apache Bigtop we created https://github.com/apache/bigtop/pull/844, since 
> the one before the last release (Bigtop 1.5.0) shipped Hive 2.3.6.
> I can try to file a pull request for branch-2.3 adapting what was done for 
> Bigtop (if the branch is still maintained), but I am currently experiencing 
> some mvn package failures (that seem unrelated to log4j) so I'd need some 
> help for you in case :)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to