[
https://issues.apache.org/jira/browse/HIVE-28435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ayush Saxena resolved HIVE-28435.
---------------------------------
Fix Version/s: 4.1.0
Resolution: Fixed
> Upgrade cron-utils to 9.2.1
> ---------------------------
>
> Key: HIVE-28435
> URL: https://issues.apache.org/jira/browse/HIVE-28435
> Project: Hive
> Issue Type: Task
> Reporter: tanishqchugh
> Assignee: tanishqchugh
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.1.0
>
>
> Cron-utils v9.1.6 requires org.glassfish:javax.el v3.0.0 as a compile time
> dependency. javax.el artifact was moved to jakarta.el. All versions upto and
> including 3.0.3 for jakarta.el artifact is affected by
> [CVE-2021-28170|[https://nvd.nist.gov/vuln/detail/CVE-2021-28170]]
> Upgrade cron-utils to 9.2.1 to get rid of CVE-2021-28170 as this upgrade
> would remove transitive usage of javax.el
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
