[jira] [Created] (HIVE-26646) Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs
Devaspati Krishnatri created HIVE-26646: --- Summary: Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs Key: HIVE-26646 URL: https://issues.apache.org/jira/browse/HIVE-26646 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26648) Upgrade Bouncy Castle to 1.70 due to high CVEs
Devaspati Krishnatri created HIVE-26648: --- Summary: Upgrade Bouncy Castle to 1.70 due to high CVEs Key: HIVE-26648 URL: https://issues.apache.org/jira/browse/HIVE-26648 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26641) Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs
Devaspati Krishnatri created HIVE-26641: --- Summary: Upgrade Guava: Google Core Libraries for Java to v28.2/31.1-jre due to medium CVEs Key: HIVE-26641 URL: https://issues.apache.org/jira/browse/HIVE-26641 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26640) Upgrade JUnit to 4.13.2 due to medium CVEs
Devaspati Krishnatri created HIVE-26640: --- Summary: Upgrade JUnit to 4.13.2 due to medium CVEs Key: HIVE-26640 URL: https://issues.apache.org/jira/browse/HIVE-26640 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26656) Remove hsqldb dependency in hive due to CVE-2022-41853
Devaspati Krishnatri created HIVE-26656: --- Summary: Remove hsqldb dependency in hive due to CVE-2022-41853 Key: HIVE-26656 URL: https://issues.apache.org/jira/browse/HIVE-26656 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26681) Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs
Devaspati Krishnatri created HIVE-26681: --- Summary: Upgrade dom4j: flexible XML framework for Java to safe version due to critical CVEs Key: HIVE-26681 URL: https://issues.apache.org/jira/browse/HIVE-26681 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26682) Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs
Devaspati Krishnatri created HIVE-26682: --- Summary: Upgrade Apache Groovy to 2.5.17/3.0.11 due to critical CVEs Key: HIVE-26682 URL: https://issues.apache.org/jira/browse/HIVE-26682 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26625) Upgrade jackson-databind to 2.13.3 due to critical CVEs
Devaspati Krishnatri created HIVE-26625: --- Summary: Upgrade jackson-databind to 2.13.3 due to critical CVEs Key: HIVE-26625 URL: https://issues.apache.org/jira/browse/HIVE-26625 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26594) Upgrade netty to 4.1.77 due to CVE-2022-24823
Devaspati Krishnatri created HIVE-26594: --- Summary: Upgrade netty to 4.1.77 due to CVE-2022-24823 Key: HIVE-26594 URL: https://issues.apache.org/jira/browse/HIVE-26594 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26622) upgrade aws-java-sdk to 1.12.132 version
Devaspati Krishnatri created HIVE-26622: --- Summary: upgrade aws-java-sdk to 1.12.132 version Key: HIVE-26622 URL: https://issues.apache.org/jira/browse/HIVE-26622 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26914) Upgrade postgresql to 42.5.1 due to CVE-2022-41946
Devaspati Krishnatri created HIVE-26914: --- Summary: Upgrade postgresql to 42.5.1 due to CVE-2022-41946 Key: HIVE-26914 URL: https://issues.apache.org/jira/browse/HIVE-26914 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26753) Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866
Devaspati Krishnatri created HIVE-26753: --- Summary: Upgrade Apache Ivy to 2.5.1 due to CVE-2022-37865, CVE-2022-37866 Key: HIVE-26753 URL: https://issues.apache.org/jira/browse/HIVE-26753 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-26999) Upgrade MySQL Connector Java due to security CVEs
Devaspati Krishnatri created HIVE-26999: --- Summary: Upgrade MySQL Connector Java due to security CVEs Key: HIVE-26999 URL: https://issues.apache.org/jira/browse/HIVE-26999 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri The following CVEs impact older versions of [MySQL Connector Java|https://mvnrepository.com/artifact/mysql/mysql-connector-java] * *CVE-2021-3711* : Critical - Impacts all versions up to (including) 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-3711]) * *CVE-2021-3712* - High - Impacts all versions up to (including) 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-37112)|https://nvd.nist.gov/vuln/detail/CVE-2021-3711] * *CVE-2021-44531* - High - Impacts all versions up to (including) 8.0.28 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-44531]) * *CVE-2022-21824* - High - Impacts all versions up to (including) 8.0.28 (ref:[https://nvd.nist.gov/vuln/detail/CVE-2022-21824)] Recommendation: *Upgrade* [*MySQL Connector Java*|https://mvnrepository.com/artifact/mysql/mysql-connector-java] *to* [*8.0.31*|https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.31] *or above* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HIVE-27012) Upgrade JavaEWAH to 1.1.7
Devaspati Krishnatri created HIVE-27012: --- Summary: Upgrade JavaEWAH to 1.1.7 Key: HIVE-27012 URL: https://issues.apache.org/jira/browse/HIVE-27012 Project: Hive Issue Type: Task Reporter: Devaspati Krishnatri Upgrade JavaEWAH to 1.1.7 JavaEWAH:0.3.2 is pulling in CVE-2022-29580. CVE-2022-29580 is a High Severity CVE with CVSSv3 Score 7.8 -- This message was sent by Atlassian Jira (v8.20.10#820010)