[jira] [Updated] (HIVE-28704) Upgrade pac4j opensamlv3 and exclude Javax.json to fix CVE-2023-7272

Sun, 26 Jan 2025 23:47:22 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-28704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Indhumathi Muthumurugesh updated HIVE-28704:
--------------------------------------------
    Description: 
[*INFO*] +- org.pac4j:pac4j-saml-opensamlv3:jar:4.5.8:compile

[*INFO*] |  +- org.pac4j:pac4j-core:jar:4.5.8:compile

[*INFO*] |  +- org.opensaml:opensaml-core:jar:3.4.6:compile

[*INFO*] |  |  \- net.shibboleth.utilities:java-support:jar:7.5.2:compile

[*INFO*] |  +- org.opensaml:opensaml-saml-api:jar:3.4.6:compile

[*INFO*] |  |  \- org.opensaml:opensaml-storage-api:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-saml-impl:jar:3.4.6:compile

[*INFO*] |  |  \- org.opensaml:opensaml-soap-impl:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-soap-api:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-xmlsec-api:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-security-api:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-security-impl:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-profile-api:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-profile-impl:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-messaging-api:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-messaging-impl:jar:3.4.6:compile

[*INFO*] |  +- org.opensaml:opensaml-storage-impl:jar:3.4.6:compile

[*INFO*] |  |  +- org.ldaptive:ldaptive:jar:1.0.13:compile

[*INFO*] |  |  +- javax.json:javax.json-api:jar:1.0:compile

[*INFO*] |  |  +- net.spy:spymemcached:jar:2.12.3:compile

[*INFO*] |  |  \- *org.glassfish:javax.json:jar:1.0.4:runtime*

> Upgrade pac4j opensamlv3 and exclude Javax.json to fix CVE-2023-7272
> --------------------------------------------------------------------
>
>                 Key: HIVE-28704
>                 URL: https://issues.apache.org/jira/browse/HIVE-28704
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Indhumathi Muthumurugesh
>            Assignee: Indhumathi Muthumurugesh
>            Priority: Major
>
> [*INFO*] +- org.pac4j:pac4j-saml-opensamlv3:jar:4.5.8:compile
> [*INFO*] |  +- org.pac4j:pac4j-core:jar:4.5.8:compile
> [*INFO*] |  +- org.opensaml:opensaml-core:jar:3.4.6:compile
> [*INFO*] |  |  \- net.shibboleth.utilities:java-support:jar:7.5.2:compile
> [*INFO*] |  +- org.opensaml:opensaml-saml-api:jar:3.4.6:compile
> [*INFO*] |  |  \- org.opensaml:opensaml-storage-api:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-saml-impl:jar:3.4.6:compile
> [*INFO*] |  |  \- org.opensaml:opensaml-soap-impl:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-soap-api:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-xmlsec-api:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-security-api:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-security-impl:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-profile-api:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-profile-impl:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-messaging-api:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-messaging-impl:jar:3.4.6:compile
> [*INFO*] |  +- org.opensaml:opensaml-storage-impl:jar:3.4.6:compile
> [*INFO*] |  |  +- org.ldaptive:ldaptive:jar:1.0.13:compile
> [*INFO*] |  |  +- javax.json:javax.json-api:jar:1.0:compile
> [*INFO*] |  |  +- net.spy:spymemcached:jar:2.12.3:compile
> [*INFO*] |  |  \- *org.glassfish:javax.json:jar:1.0.4:runtime*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to