Anh Hoang created HIVE-28174:
--------------------------------
Summary: Bump org.apache.avro:avro from 1.8.2 to 1.11.3 which is
inside hive-exec-3.1.3.jar
Key: HIVE-28174
URL: https://issues.apache.org/jira/browse/HIVE-28174
Project: Hive
Issue Type: Improvement
Affects Versions: 3.1.3
Reporter: Anh Hoang
Hi Apache Hive development team,
Currently we face vulnerabilities with CVE-2023-39410:
[https://nvd.nist.gov/vuln/detail/CVE-2023-39410] in our development
environment. Please help to advise and fix/upgrade for the avro-1.8.2.jar which
is in apache-hive-3.1.3-bin//lib/hive-exec-3.1.3.jar/avro-1.8.2.jar.
As our current techstack, we would like to stick with 3.1.3 version first (even
though there is newly released 4.0.0).
Much appreciate, thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
