[
https://issues.apache.org/jira/browse/HIVE-29299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Simran Arora updated HIVE-29299:
--------------------------------
Description: There is
[CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
for the current version of {*}spring-core 5.3.39{*}. The current version of
*spring-ldap-core[2.4.4]* has spring-core-5.3.39 as a dependency and therefore
needs to be upgraded to *3.3.4*, which is the next latest version not affected
by this vulnerability ({*}depends on spring-core-6.2.12{*}). (was: There is
[CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
for the current version of spring-core 5.3.39. The current version of
spring-ldap-core has spring-core-5.3.39 as a dependency and therefore needs to
be upgraded to 3.3.4, which is the next latest version not affected by this
vulnerability (depends on spring-core-6.2.12).)
> Upgrade Spring to 6.2.12 and spring-ldap-core to 3.3.4 to resolve
> CVE-2025-41249
> --------------------------------------------------------------------------------
>
> Key: HIVE-29299
> URL: https://issues.apache.org/jira/browse/HIVE-29299
> Project: Hive
> Issue Type: Improvement
> Reporter: Simran Arora
> Assignee: Simran Arora
> Priority: Major
>
> There is
> [CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
> for the current version of {*}spring-core 5.3.39{*}. The current version of
> *spring-ldap-core[2.4.4]* has spring-core-5.3.39 as a dependency and therefore
> needs to be upgraded to *3.3.4*, which is the next latest version not affected
> by this vulnerability ({*}depends on spring-core-6.2.12{*}).