[
https://issues.apache.org/jira/browse/HIVE-28866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HIVE-28866:
----------------------------------
Labels: pull-request-available (was: )
> Upgrade netty-codec-http to fix CVE-2024-29025
> ----------------------------------------------
>
> Key: HIVE-28866
> URL: https://issues.apache.org/jira/browse/HIVE-28866
> Project: Hive
> Issue Type: Improvement
> Reporter: tanishqchugh
> Assignee: tanishqchugh
> Priority: Major
> Labels: pull-request-available
>
> Netty was upgraded to 4.1.116.Final as part of HIVE-28040 but with recent
> changes, we see an occurrence of compile time transitive dependency of
> netty-codec-http 4.1.100.Final in Hive Metastore REST Catalog
> {code:java}
> [INFO] +- org.apache.hadoop:hadoop-hdfs:jar:3.4.1:compile
> [INFO] |  +- commons-daemon:commons-daemon:jar:1.0.13:compile
> [INFO] |  +- io.netty:netty-all:jar:4.1.100.Final:compile
> [INFO] |  |  +- io.netty:netty-codec-dns:jar:4.1.100.Final:compile
> [INFO] |  |  +- io.netty:netty-codec-haproxy:jar:4.1.100.Final:compile
> [INFO] |  |  +- io.netty:netty-codec-http:jar:4.1.100.Final:compile
> {code}
> Add netty configs in dependencyManagement of standalone metastore to fix the
> same.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
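
The version drift described in the issue can be checked mechanically. The following is an added example, not code from the issue or from the Hive project: it scans `mvn dependency:tree` output for io.netty artifacts that are not at the expected managed version and names the direct dependency that pulls each one in. The function name `find_drift`, the three-character tree indentation, and the final `netty-handler` sample line are assumptions or constructed for the example.

```python
import re

EXPECTED = "4.1.116.Final"  # Netty version the issue says HIVE-28040 moved to

# Matches group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){4,5}")

# Constructed sample: the tree lines quoted in the issue (standard Maven
# indentation assumed) plus one constructed line already at EXPECTED.
SAMPLE_TREE = """\
[INFO] +- org.apache.hadoop:hadoop-hdfs:jar:3.4.1:compile
[INFO] |  +- commons-daemon:commons-daemon:jar:1.0.13:compile
[INFO] |  +- io.netty:netty-all:jar:4.1.100.Final:compile
[INFO] |  |  +- io.netty:netty-codec-dns:jar:4.1.100.Final:compile
[INFO] |  |  +- io.netty:netty-codec-haproxy:jar:4.1.100.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http:jar:4.1.100.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.116.Final:compile
"""


def find_drift(tree_text, group="io.netty", expected=EXPECTED):
    """Return (artifact, version, introduced_by) for every `group` artifact
    in the tree whose resolved version differs from `expected`."""
    findings = []
    direct = None  # group:artifact of the current direct dependency
    for line in tree_text.splitlines():
        body = line[len("[INFO] "):] if line.startswith("[INFO] ") else line
        match = COORD.search(body)
        if not match:
            continue  # root module line, blank line, or other Maven output
        parts = match.group(0).split(":")
        coord_group, artifact, version = parts[0], parts[1], parts[-2]
        # Each tree level is drawn with three characters ("+- ", "|  ").
        depth = match.start() // 3
        if depth <= 1:
            direct = f"{coord_group}:{artifact}"
        if coord_group == group and version != expected:
            findings.append((artifact, version, direct))
    return findings


if __name__ == "__main__":
    for artifact, version, via in find_drift(SAMPLE_TREE):
        print(f"{artifact} {version} (expected {EXPECTED}) via {via}")
```

Run against the real output of `mvn dependency:tree` for the affected module, an empty result after the dependencyManagement change indicates that no io.netty artifact is left at another version.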