[ https://issues.apache.org/jira/browse/HIVE-28496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Butao Zhang resolved HIVE-28496.
--------------------------------
Fix Version/s: 4.1.0
Resolution: Fixed
Merged to master branch!
Thanks [~kiranvelumuri] for the patch!!!
Thanks [~zabetak] [~okumin] for the review!!!
> Address CVE-2020-28487 due to 4.20.0 version of vis.js
> ------------------------------------------------------
>
> Key: HIVE-28496
> URL: https://issues.apache.org/jira/browse/HIVE-28496
> Project: Hive
> Issue Type: Improvement
> Reporter: Kiran Velumuri
> Assignee: Kiran Velumuri
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.1.0
>
>
> This is to address CVE-2020-28487 coming from 4.20.0 version of vis.js from
> the file vis.min.js. This file is being used in the recently added Query plan
> tab in the HiveServer2 web UI.
>
> The project vis.js has been split up into sub-projects (from version 5.0.0)
> from which we only require the Network sub-project. This sub-project contains
> both vis.Network and vis.Dataset that we require from vis.min.js.
>
> Link to CVE-2020-28487:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28487