[jira] [Updated] (HIVE-28438) Upgrade commons-dbcp2 and commons-pool2 to 2.12.0 to fix CVEs

ASF GitHub Bot (Jira) Tue, 06 Aug 2024 06:39:03 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-28438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated HIVE-28438:
----------------------------------
    Labels: pull-request-available  (was: )

> Upgrade commons-dbcp2 and commons-pool2 to 2.12.0 to fix CVEs
> -------------------------------------------------------------
>
>                 Key: HIVE-28438
>                 URL: https://issues.apache.org/jira/browse/HIVE-28438
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: tanishqchugh
>            Assignee: tanishqchugh
>            Priority: Major
>              Labels: pull-request-available
>
> In the master branch, currently we are using commons-dbcp2 v2.9.0 which is 
> affected by following CVEs:
> [CVE-2022-45868|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868]
> [CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
> [CVE-2021-42392|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392]
> [CVE-2021-23463|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463]
> Also, there are two different versions (2.10.0 & 2.11.1) of commons-pool2 
> across project as commons-dbcp2 v2.9.0 requires commons-pool2 v2.10.0 as a 
> compile time dependency. 
> Upgrading both of the dependencies to v2.12.0 to resolve the CVEs as well as 
> make commons-pool2 version consistent across project to prevent any kind of 
> potential conflicts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HIVE-28438) Upgrade commons-dbcp2 and commons-pool2 to 2.12.0 to fix CVEs

Reply via email to