[jira] [Assigned] (HIVE-29299) Upgrade Spring to 6.2.12 and spring-ldap-core to 3.3.4 to resolve CVE-2025-41249

Simran Arora (Jira) Fri, 31 Oct 2025 03:14:08 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-29299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Simran Arora reassigned HIVE-29299:
-----------------------------------

    Assignee:     (was: Simran Arora)

> Upgrade Spring to 6.2.12 and spring-ldap-core to 3.3.4 to resolve 
> CVE-2025-41249
> --------------------------------------------------------------------------------
>
>                 Key: HIVE-29299
>                 URL: https://issues.apache.org/jira/browse/HIVE-29299
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Simran Arora
>            Priority: Major
>
> There is 
> [CVE-2025-41249|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-41249]
>  for the current version of {*}spring-core 5.3.39{*}. Current version of 
> *spring-ldap-core[2.4.4]* has spring-core-5.3.39 as dependency, therefore 
> needs to be upgraded to *3.3.4* which is the next latest version not affected 
> by this vulnerability ({*}depends on spring-core-6.2.12{*}).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (HIVE-29299) Upgrade Spring to 6.2.12 and spring-ldap-core to 3.3.4 to resolve CVE-2025-41249

Reply via email to