[
https://issues.apache.org/jira/browse/HIVE-26999?focusedWorklogId=842235&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-842235
]
ASF GitHub Bot logged work on HIVE-26999:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 30/Jan/23 10:30
Start Date: 30/Jan/23 10:30
Worklog Time Spent: 10m
Work Description: devaspatikrishnatri opened a new pull request, #3996:
URL: https://github.com/apache/hive/pull/3996
<!--
Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
https://cwiki.apache.org/confluence/display/Hive/HowToContribute
2. Ensure that you have created an issue on the Hive project JIRA:
https://issues.apache.org/jira/projects/HIVE/summary
3. Ensure you have added or run the appropriate tests for your PR:
4. If the PR is unfinished, add '[WIP]' in your PR title, e.g.,
'[WIP]HIVE-XXXXX: Your PR title ...'.
5. Be sure to keep the PR description updated to reflect all changes.
6. Please write your PR title to summarize what this PR proposes.
7. If possible, provide a concise example to reproduce the issue for a
faster review.
-->
### What changes were proposed in this pull request?
<!--
Upgrade MySQL Connector Java to 8.0.31 due to security CVE
-->
### Why are the changes needed?
<!--
To Fix CVEs.
-->
### Does this PR introduce _any_ user-facing change?
<!--
No
-->
### How was this patch tested?
<!--
I built hive locally and checked the depedency tree , thereafter the
required changes were made and hive was again rebuilt successfully.Upon again
checking the dependency tree the versions were shown correctly.
-->
Issue Time Tracking
-------------------
Worklog Id: (was: 842235)
Remaining Estimate: 0h
Time Spent: 10m
> Upgrade MySQL Connector Java due to security CVEs
> --------------------------------------------------
>
> Key: HIVE-26999
> URL: https://issues.apache.org/jira/browse/HIVE-26999
> Project: Hive
> Issue Type: Task
> Reporter: Devaspati Krishnatri
> Assignee: Devaspati Krishnatri
> Priority: Major
> Attachments: tree.txt
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The following CVEs impact older versions of [MySQL Connector
> Java|https://mvnrepository.com/artifact/mysql/mysql-connector-java]
> * *CVE-2021-3711* : Critical - Impacts all versions up to (including)
> 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-3711])
> * *CVE-2021-3712* - High - Impacts all versions up to (including) 8.0.27
> (ref:
> [https://nvd.nist.gov/vuln/detail/CVE-2021-37112)|https://nvd.nist.gov/vuln/detail/CVE-2021-3711]
> * *CVE-2021-44531* - High - Impacts all versions up to (including) 8.0.28
> (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-44531])
> * *CVE-2022-21824* - High - Impacts all versions up to (including) 8.0.28
> (ref:[https://nvd.nist.gov/vuln/detail/CVE-2022-21824)]
> Recommendation: *Upgrade* [*MySQL Connector
> Java*|https://mvnrepository.com/artifact/mysql/mysql-connector-java] *to*
> [*8.0.31*|https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.31]
> *or above*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
