[
https://issues.apache.org/jira/browse/HIVE-29337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vaibhav updated HIVE-29337:
---------------------------
Security: (was: Non-Public)
> We are using Hive 3.1.3 in pur production env. Security team has raised
> concern regarding open VA issues for the builder jars within hive.
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-29337
> URL: https://issues.apache.org/jira/browse/HIVE-29337
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Affects Versions: 3.1.3
> Reporter: Vaibhav
> Priority: Critical
>
> Hi Team,
> We are currently using Hive 3.1.3 in our production environment. Our security
> team identified vulnerability issues with this version, so we upgraded Hive
> to 4.1.0. However, the reported vulnerabilities still persist.
> The security team has recommended upgrading the packages located in
> {{/apache-hive-3.1.3-bin/lib}} (or equivalent in Hive 4.1.0) to their latest
> versions. When we attempted to manually update these jars, Hive stopped
> functioning properly due to dependency conflicts.
> Please advise on the recommended approach to resolve these vulnerabilities
> without breaking Hive functionality. Should we upgrade the entire Hadoop
> ecosystem or is there an official patch/fix available for these libraries?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
