[
https://issues.apache.org/jira/browse/HIVE-24299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608748#comment-17608748
]
Dmitriy Fingerman commented on HIVE-24299:
------------------------------------------
I tried to upgrade guava in Hive project to the latest version 31.1-jre, but
the upgrade didn't work.
In the past other people tried this as well, and it didn't work.
Should be tried after Hadoop upgrade to 3.3.x line which shades guava and makes
things simpler.
> hive-ql guava versions and vulnerabilities
> ------------------------------------------
>
> Key: HIVE-24299
> URL: https://issues.apache.org/jira/browse/HIVE-24299
> Project: Hive
> Issue Type: Improvement
> Components: hpl/sql
> Affects Versions: 3.1.2
> Reporter: openlookeng
> Assignee: Dmitriy Fingerman
> Priority: Blocker
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> hive-ql shades google's guava 19.0 component, but have vulnerabilities
> CVE-2018-10237, do team have plan to update it ?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
