[jira] [Created] (HIVE-26646) Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs

2022-10-18 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26646:
---

 Summary: Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs
 Key: HIVE-26646
 URL: https://issues.apache.org/jira/browse/HIVE-26646
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri






--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Created] (HIVE-26648) Upgrade Bouncy Castle to 1.70 due to high CVEs

2022-10-18 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26648:
---

 Summary: Upgrade Bouncy Castle to 1.70 due to high CVEs
 Key: HIVE-26648
 URL: https://issues.apache.org/jira/browse/HIVE-26648
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26641) Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs

2022-10-17 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26641:
---

 Summary: Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs
 Key: HIVE-26641
 URL: https://issues.apache.org/jira/browse/HIVE-26641
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26640) Upgrade JUnit to 4.13.2 due to medium CVEs

2022-10-17 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26640:
---

 Summary: Upgrade JUnit to 4.13.2 due to medium CVEs
 Key: HIVE-26640
 URL: https://issues.apache.org/jira/browse/HIVE-26640
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26656) Remove hsqldb dependency in hive due to CVE-2022-41853

2022-10-20 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26656:
---

 Summary: Remove hsqldb dependency in hive due to CVE-2022-41853
 Key: HIVE-26656
 URL: https://issues.apache.org/jira/browse/HIVE-26656
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26681) Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs

2022-10-31 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26681:
---

 Summary: Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs
 Key: HIVE-26681
 URL: https://issues.apache.org/jira/browse/HIVE-26681
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26682) Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs

2022-10-31 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26682:
---

 Summary: Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs
 Key: HIVE-26682
 URL: https://issues.apache.org/jira/browse/HIVE-26682
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26625) Upgrade jackson-databind to 2.13.3 due to critical CVEs

2022-10-12 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26625:
---

 Summary: Upgrade jackson-databind to 2.13.3 due to critical CVEs
 Key: HIVE-26625
 URL: https://issues.apache.org/jira/browse/HIVE-26625
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26594) Upgrade netty to 4.1.77 due to CVE-2022-24823

2022-10-05 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26594:
---

 Summary: Upgrade netty to 4.1.77 due to CVE-2022-24823
 Key: HIVE-26594
 URL: https://issues.apache.org/jira/browse/HIVE-26594
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26622) upgrade aws-java-sdk to 1.12.132 version

2022-10-11 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26622:
---

 Summary: upgrade aws-java-sdk to 1.12.132 version
 Key: HIVE-26622
 URL: https://issues.apache.org/jira/browse/HIVE-26622
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26914) Upgrade postgresql to 42.5.1 due to CVE-2022-41946

2023-01-09 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26914:
---

 Summary: Upgrade postgresql to 42.5.1 due to CVE-2022-41946
 Key: HIVE-26914
 URL: https://issues.apache.org/jira/browse/HIVE-26914
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26753) Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866

2022-11-17 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26753:
---

 Summary: Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
 Key: HIVE-26753
 URL: https://issues.apache.org/jira/browse/HIVE-26753
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri








[jira] [Created] (HIVE-26999) Upgrade MySQL Connector Java due to security CVEs

2023-01-30 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-26999:
---

 Summary: Upgrade MySQL Connector Java due to security CVEs
 Key: HIVE-26999
 URL: https://issues.apache.org/jira/browse/HIVE-26999
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri


The following CVEs impact older versions of [MySQL Connector Java|https://mvnrepository.com/artifact/mysql/mysql-connector-java]
 * *CVE-2021-3711* - Critical - Impacts all versions up to (including) 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-3711])
 * *CVE-2021-3712* - High - Impacts all versions up to (including) 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-37112|https://nvd.nist.gov/vuln/detail/CVE-2021-3711])
 * *CVE-2021-44531* - High - Impacts all versions up to (including) 8.0.28 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-44531])
 * *CVE-2022-21824* - High - Impacts all versions up to (including) 8.0.28 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2022-21824])

Recommendation: *Upgrade* [*MySQL Connector Java*|https://mvnrepository.com/artifact/mysql/mysql-connector-java] *to* [*8.0.31*|https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.31] *or above*





[jira] [Created] (HIVE-27012) Upgrade JavaEWAH to 1.1.7

2023-02-01 Thread Devaspati Krishnatri (Jira)
Devaspati Krishnatri created HIVE-27012:
---

 Summary: Upgrade JavaEWAH to 1.1.7
 Key: HIVE-27012
 URL: https://issues.apache.org/jira/browse/HIVE-27012
 Project: Hive
  Issue Type: Task
Reporter: Devaspati Krishnatri


Upgrade JavaEWAH to 1.1.7

JavaEWAH:0.3.2 is pulling in CVE-2022-29580.

CVE-2022-29580 is a High Severity CVE with CVSSv3 Score 7.8


