[jira] [Work logged] (HIVE-25945) Upgrade H2 database version to 2.1.210

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-25945?focusedWorklogId=724102&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-724102
 ]

ASF GitHub Bot logged work on HIVE-25945:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Feb/22 21:53
            Start Date: 09/Feb/22 21:53
    Worklog Time Spent: 10m 
      Work Description: zabetak opened a new pull request #3012:
URL: https://github.com/apache/hive/pull/3012


   ### Why are the changes needed?
   The 1.3.166 version suffers from the following security vulnerabilities:
   https://nvd.nist.gov/vuln/detail/CVE-2021-42392
   https://nvd.nist.gov/vuln/detail/CVE-2022-23221
   
   In the project, we use H2 only for testing purposes (inside the jdbc-handler 
module) thus the H2 binaries are not present in the runtime classpath thus 
these CVEs do not pose a problem for Hive or its users.
   
   Nevertheless, it would be good to upgrade to a more recent version to avoid 
Hive coming up in vulnerability scans due to this.
   
   ### Does this PR introduce _any_ user-facing change?
   No
   
   ### How was this patch tested?
   Existing tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 724102)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade H2 database version to 2.1.210
> --------------------------------------
>
>                 Key: HIVE-25945
>                 URL: https://issues.apache.org/jira/browse/HIVE-25945
>             Project: Hive
>          Issue Type: Task
>          Components: Testing Infrastructure
>            Reporter: Stamatis Zampetakis
>            Assignee: Stamatis Zampetakis
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The 1.3.166 version, which is in use in Hive, suffers from the following 
> security vulnerabilities:
> https://nvd.nist.gov/vuln/detail/CVE-2021-42392
> https://nvd.nist.gov/vuln/detail/CVE-2022-23221
> In the project, we use H2 only for testing purposes (inside the jdbc-handler 
> module) thus the H2 binaries are not present in the runtime classpath thus 
> these CVEs do not pose a problem for Hive or its users. Nevertheless, it 
> would be good to upgrade to a more recent version to avoid Hive coming up in 
> vulnerability scans due to this.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)