Re: apache/hive security vulnerabilities.

2024-06-19 Thread Simhadri G
Hi guys, I checked for jackson-databind-2.4.0. It seems to be a transitive dependency from htrace-core . [image: image.png] On Wed, Jun 19, 2024 at 8:29 PM Stamatis Zampetakis wrote: > I am pretty sure that the old Jackson versions are shaded somewhere > inside the jars of Hive dependencies.

Re: apache/hive security vulnerabilities.

2024-06-19 Thread Stamatis Zampetakis
I am pretty sure that the old Jackson versions are shaded somewhere inside the jars of Hive dependencies. We probably need to inspect the contents of our binary distribution of Hive 4.0.0 and take corrective actions if needed. Best, Stamatis On Wed, Jun 19, 2024 at 4:35 PM Denys Kuzmenko wrote:

Re: apache/hive security vulnerabilities.

2024-06-19 Thread Denys Kuzmenko
Hi Sreek, Oh, thanks! Ideally docker image should be build from Hive-4.0 branch artifacts via the GH action. Let me check, I just hope it wasn't manually uploaded

Re: apache/hive security vulnerabilities.

2024-06-19 Thread Iyer, Sreekanth
Hi Denys That's right. jackson-databind version 2.16.1 does not have any CVEs. I also saw that there was HIVE ticket to update to this version. [HIVE-28073] Upgrade jackson version to 2.16.1 - ASF JIRA (apache.org) . The ticket also mentions th

Re: apache/hive security vulnerabilities.

2024-06-19 Thread Denys Kuzmenko
Hi, Hive-4.0 use jackson-databind version 2.16.1. I don't see any CVEs reported in maven central for that artifact: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.16.1 com.fasterxml.jackson jackson-bom 2.16.1 pom import

Re: Fwd: about hive4.0.0 error

2024-06-19 Thread Denys Kuzmenko
Are you using MR execution mode? it was deprecated, see warning "Hive-on-MR is deprecated in Hive 2 and may not be available in the future versions. Consider using a different execution engine" On 2024/06/19 04:59:22 张三 wrote: > -- Forwarded message - > 发件人: 张三 > Date: 2024年6月19日

Fwd: about hive4.0.0 error

2024-06-19 Thread 张三
-- Forwarded message - 发件人: 张三 Date: 2024年6月19日周三 12:55 Subject: about hive4.0.0 error To: Dear Hive team, I encountered an issue while using the latest version of Hive, 4.0.0. I am not sure if this is a bug. The details are as follows: I am using Hadoop version 3.3.6 and have