[
https://issues.apache.org/jira/browse/HIVE-26322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17567336#comment-17567336
]
Chris Nauroth commented on HIVE-26322:
--------------------------------------
Thank you, [~dengzh]. This issue states upgrading to GSON 2.9.0 instead of
2.8.9. Although it isn't addressing CVEs, I'm hoping to upgrade to 2.9.0 for
the bug fixes documented in the [release
notes|https://github.com/google/gson/releases/tag/gson-parent-2.9.0]. Hadoop
has done the upgrade too in HADOOP-18300.
Can we reopen this issue and get the linked pull request in?
> Upgrade gson to 2.9.0 due to CVE
> --------------------------------
>
> Key: HIVE-26322
> URL: https://issues.apache.org/jira/browse/HIVE-26322
> Project: Hive
> Issue Type: Improvement
> Reporter: Zhihua Deng
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
