[
https://issues.apache.org/jira/browse/HIVE-28978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033454#comment-18033454
]
Simran Arora commented on HIVE-28978:
-------------------------------------
Hey [~devaspatikrishnatri] , I see you have worked on this to resolve
[CVE-2024-57699|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-57699],
but this has now become stale. Is there a plan to continue on this fix or can
i pick it up. I see excluding json-path isn't the solution, upgrading
json-smart to 2.5.2 is the path to follow then?
> Upgrade json-smart to 2.5.2
> ---------------------------
>
> Key: HIVE-28978
> URL: https://issues.apache.org/jira/browse/HIVE-28978
> Project: Hive
> Issue Type: Improvement
> Reporter: Devaspati Krishnatri
> Assignee: Devaspati Krishnatri
> Priority: Major
> Labels: pull-request-available
> Attachments: mvn_dependency_tree_final_4.txt
>
>
> Upgrade json-smart to 2.5.2.
> json-smart comes as a part of json-path , and the latest release of json-path
> was 2.9.0 in Jan 2024 , which brings in json-smart 2.5.0.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
