[
https://issues.apache.org/jira/browse/HIVE-29299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Simran Arora updated HIVE-29299:
--------------------------------
Description: There is
[CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
for the current version of spring-core, 5.3.39. The current version of
spring-ldap-core has spring-core-5.3.39 as a dependency and therefore needs to be
upgraded to 3.3.4, which is the next latest version not affected by this
vulnerability (depends on spring-core-6.2.12).
(was: There is
[CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
for the current version of spring-core, 5.3.39. The current version of
spring-ldap-core has spring-core-5.3.39 as a dependency and therefore needs to be
upgraded to 3.3.4, which is the next latest version without this vulnerability
(depends on spring-core-6.2.12).)
> Upgrade Spring to 6.2.12 and spring-ldap-core to 3.3.4 to resolve
> CVE-2025-41249
> --------------------------------------------------------------------------------
>
> Key: HIVE-29299
> URL: https://issues.apache.org/jira/browse/HIVE-29299
> Project: Hive
> Issue Type: Improvement
> Reporter: Simran Arora
> Assignee: Simran Arora
> Priority: Major
>
> There is
> [CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
> for the current version of spring-core, 5.3.39. The current version of
> spring-ldap-core has spring-core-5.3.39 as a dependency and therefore needs to be
> upgraded to 3.3.4, which is the next latest version not affected by this
> vulnerability (depends on spring-core-6.2.12).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)