[
https://issues.apache.org/jira/browse/HIVE-28435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
tanishqchugh updated HIVE-28435:
--------------------------------
Description:
Cron-utils v9.1.6 requires org.glassfish:javax.el v3.0.0 as a compile time
dependency. javax.el artifact was moved to jakarta.el. All versions upto and
including 3.0.3 for jakarta.el artifact is affected by
[CVE-2021-28170|[https://nvd.nist.gov/vuln/detail/CVE-2021-28170]] .
Upgrade cron-utils to 9.2.1 to get rid of CVE-2021-28170 as this upgrade would
remove transitive usage of javax.el
was:
Cron-utils v9.1.6 requires org.glassfish:javax.el v3.0.0 as a compile time
dependency. javax.el artifact was moved to jakarta.el. All versions upto and
including 3.0.3 for jakarta.el artifact is affected by [CVE-2021-28170
|[https://nvd.nist.gov/vuln/detail/CVE-2021-28170].]
Upgrade cron-utils to 9.2.1 to get rid of CVE-2021-28170 as this upgrade would
remove transitive usage of javax.el
> Upgrade cron-utils to 9.2.1
> ---------------------------
>
> Key: HIVE-28435
> URL: https://issues.apache.org/jira/browse/HIVE-28435
> Project: Hive
> Issue Type: Task
> Reporter: tanishqchugh
> Assignee: tanishqchugh
> Priority: Major
>
> Cron-utils v9.1.6 requires org.glassfish:javax.el v3.0.0 as a compile time
> dependency. javax.el artifact was moved to jakarta.el. All versions upto and
> including 3.0.3 for jakarta.el artifact is affected by
> [CVE-2021-28170|[https://nvd.nist.gov/vuln/detail/CVE-2021-28170]] .
> Upgrade cron-utils to 9.2.1 to get rid of CVE-2021-28170 as this upgrade
> would remove transitive usage of javax.el
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
