[
https://issues.apache.org/jira/browse/HIVE-27104?focusedWorklogId=848713&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-848713
]
ASF GitHub Bot logged work on HIVE-27104:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 02/Mar/23 13:47
Start Date: 02/Mar/23 13:47
Worklog Time Spent: 10m
Work Description: Indhumathi27 commented on code in PR #4078:
URL: https://github.com/apache/hive/pull/4078#discussion_r1123124767
##########
pom.xml:
##########
@@ -883,7 +883,12 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
- <version>${bcprov-jdk15on.version}</version>
+ <version>${bouncycastle.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
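Review bot: on the changed `<version>` line the property reference is renamed from `${bcprov-jdk15on.version}` to `${bouncycastle.version}`, and neither the definition of the new property nor the removal of the old one is visible in this hunk. Please confirm that `bouncycastle.version` is defined in `<properties>` and that no other pom in the build still references `bcprov-jdk15on.version`, since an undefined property is left unexpanded and the dependency then fails to resolve. The second `<dependency>` element that opens at the end of the hunk has no XML comment ahead of it; a one-line comment stating why the artifact is declared here would tell a later maintainer when the entry can be dropped.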
Review Comment:
bcpkix-jdk15on is a transitive dependency from
org.apache.hadoop:hadoop-yarn-server-web-proxy:jar:3.3.1, where the
Bouncy Castle version is still 1.60, which has vulnerabilities. Hence I added it
explicitly as a dependency with version 1.68.
Issue Time Tracking
-------------------
Worklog Id: (was: 848713)
Time Spent: 1h (was: 50m)
> Upgrade Bouncy Castle to 1.68 due to high CVEs
> ----------------------------------------------
>
> Key: HIVE-27104
> URL: https://issues.apache.org/jira/browse/HIVE-27104
> Project: Hive
> Issue Type: Task
> Reporter: Indhumathi Muthumurugesh
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)