[
https://issues.apache.org/jira/browse/HIVE-25945?focusedWorklogId=725068&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-725068
]
ASF GitHub Bot logged work on HIVE-25945:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 11/Feb/22 11:22
Start Date: 11/Feb/22 11:22
Worklog Time Spent: 10m
Work Description: zabetak closed pull request #3012:
URL: https://github.com/apache/hive/pull/3012
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 725068)
Time Spent: 20m (was: 10m)
> Upgrade H2 database version to 2.1.210
> --------------------------------------
>
> Key: HIVE-25945
> URL: https://issues.apache.org/jira/browse/HIVE-25945
> Project: Hive
> Issue Type: Task
> Components: Testing Infrastructure
> Reporter: Stamatis Zampetakis
> Assignee: Stamatis Zampetakis
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The 1.3.166 version, which is in use in Hive, suffers from the following
> security vulnerabilities:
> https://nvd.nist.gov/vuln/detail/CVE-2021-42392
> https://nvd.nist.gov/vuln/detail/CVE-2022-23221
> In the project, we use H2 only for testing purposes (inside the jdbc-handler
> module) thus the H2 binaries are not present in the runtime classpath thus
> these CVEs do not pose a problem for Hive or its users. Nevertheless, it
> would be good to upgrade to a more recent version to avoid Hive coming up in
> vulnerability scans due to this.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
