Hi All, There is a vulnerability with 'High' severity found in the Apache Spark 3.x and 4.0.0 preview (2) releases, with the hive-metastore-2.3.x.jar. This is defined here, Apache Hive security bypass CVE-2021-34538 Vulnerability Report<https://exchange.xforce.ibmcloud.com/vulnerabilities/231404>
The recommendation is to use upgrade to the latest version of Apache Hive (3.1.3, 4.0 or later), available from the Apache Web site. Can we expect this getting fixed in the Apache Spark 4.0 GA ? Thanks, Balaji
