[jira] [Work logged] (HIVE-25824) Upgrade branch-2.3 to log4j 2.17.0

Tue, 18 Jan 2022 14:06:24 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-25824?focusedWorklogId=710928&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-710928
 ]

ASF GitHub Bot logged work on HIVE-25824:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Jan/22 22:05
            Start Date: 18/Jan/22 22:05
    Worklog Time Spent: 10m 
      Work Description: Gingernaut commented on pull request #2908:
URL: https://github.com/apache/hive/pull/2908#issuecomment-1015876591


   @sunchao any updates on when a 3.x branch update might be released? Seems 
the last release was July 2020, and with the log4j vulnerability it seems it 
would be a high priority fix to publish a new version for. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 710928)
    Time Spent: 2h 10m  (was: 2h)

> Upgrade branch-2.3 to log4j 2.17.0
> ----------------------------------
>
>                 Key: HIVE-25824
>                 URL: https://issues.apache.org/jira/browse/HIVE-25824
>             Project: Hive
>          Issue Type: Improvement
>    Affects Versions: 2.3.8
>            Reporter: Luca Toscano
>            Assignee: Luca Toscano
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.3.10
>
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> Hi everybody,
> I am wondering if there are any plans to upgrade branch-2.3 to log4j 2.17.0 
> as it was done in HIVE-25795 (and related).
> In Apache Bigtop we created https://github.com/apache/bigtop/pull/844, since 
> the one before the last release (Bigtop 1.5.0) shipped Hive 2.3.6.
> I can try to file a pull request for branch-2.3 adapting what was done for 
> Bigtop (if the branch is still maintained), but I am currently experiencing 
> some mvn package failures (that seem unrelated to log4j) so I'd need some 
> help for you in case :)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to