Makes sense. Also I see commit on branch-3: https://github.com/apache/hive/pull/2869/files
Details: ------------------------------------ [hive] branch branch-3 updated: HIVE-25795: Update log4j2 version to 2.16.0 for branch-3 (Naveen Gangam) ngangam pushed a commit to branch branch-3 in repository https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitbox.apache.org%2Frepos%2Fasf%2Fhive.git&data=04%7C01%7Crsundara%40visa.com%7C035973489e42480b0a8408d9c00f8965%7C38305e12e15d4ee888b9c4db1c477d76%7C0%7C0%7C637751995224639220%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=3tXPArxsogUrBdW2yV6o2DSErLxbMRtfesoIjO16Lic%3D&reserved=0 The following commit(s) were added to refs/heads/branch-3 by this push: new 63a056a HIVE-25795: Update log4j2 version to 2.16.0 for branch-3 (Naveen Gangam) 63a056a is described below commit 63a056ae87de739ba2ea66fd4001f529357a4aa1 Author: Naveen Gangam <ngan...@cloudera.com> AuthorDate: Wed Dec 15 15:57:45 2021 -0500 HIVE-25795: Update log4j2 version to 2.16.0 for branch-3 (Naveen Gangam) ------------------------------------------ But not sure the change on below file: ql/src/java/org/apache/hadoop/hive/ql/log/SlidingFilenameRolloverStrategy.java Regards, Ram ================================================ On 12/15/21, 8:29 PM, "Battula, Brahma Reddy" <bbatt...@visa.com.INVALID> wrote: it’s committed only for master where we dn’t have this. Only for branch-2 and branch-3, we need to handle this file. Please see, following discussion for same.. https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fhive%2Fpull%2F2863&data=04%7C01%7Crsundara%40visa.com%7C1e0186e08c8b42d66eb908d9c04c926d%7C38305e12e15d4ee888b9c4db1c477d76%7C0%7C0%7C637752257657443876%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=YPJ%2ByXk8vDDCiY1379vAu4sqV5NrKwo6BheYQLTD95U%3D&reserved=0 If you are interested, you raise PR for branch-2 and branc-3. From: Sundaram, Ramakrishnan <rsund...@visa.com.INVALID> Date: Thursday, 16 December 2021 at 3:05 AM To: dev@hive.apache.org <dev@hive.apache.org> Cc: secur...@hive.apache.org <secur...@hive.apache.org> Subject: Re: Regarding log4j2 upgrade: HIVE-25804, HIVE-25795 related to CVE-2021-44228 + security From: "Sundaram, Ramakrishnan" <rsund...@visa.com> Date: Wednesday, December 15, 2021 at 1:32 PM To: "dev@hive.apache.org" <dev@hive.apache.org> Subject: Regarding log4j2 upgrade: HIVE-25804, HIVE-25795 related to CVE-2021-44228 Hi, I see in HIVE-25804 and HIVE-25795, testutils/ptest2/pom.xml is not upgraded to latest versions. Is this a miss? Or the change is not needed? Regards, Ram
