Devaspati Krishnatri created HIVE-26999:
-------------------------------------------
Summary: Upgrade MySQL Connector Java due to security CVEs
Key: HIVE-26999
URL: https://issues.apache.org/jira/browse/HIVE-26999
Project: Hive
Issue Type: Task
Reporter: Devaspati Krishnatri
The following CVEs impact older versions of [MySQL Connector
Java|https://mvnrepository.com/artifact/mysql/mysql-connector-java]
* *CVE-2021-3711* : Critical - Impacts all versions up to (including) 8.0.27
(ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-3711])
* *CVE-2021-3712* - High - Impacts all versions up to (including) 8.0.27 (ref:
[https://nvd.nist.gov/vuln/detail/CVE-2021-37112)|https://nvd.nist.gov/vuln/detail/CVE-2021-3711]
* *CVE-2021-44531* - High - Impacts all versions up to (including) 8.0.28
(ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-44531])
* *CVE-2022-21824* - High - Impacts all versions up to (including) 8.0.28
(ref:[https://nvd.nist.gov/vuln/detail/CVE-2022-21824)]
Recommendation: *Upgrade* [*MySQL Connector
Java*|https://mvnrepository.com/artifact/mysql/mysql-connector-java] *to*
[*8.0.31*|https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.31]
*or above*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
