Hi Kiran, Aman Raj is managing a 3.x release with some of these CVEs addressed and rebasing some dependencies as well. Please reach out to him for tentative timelines.
Thank you Naveen On Mon, Jun 5, 2023 at 6:39 AM Kiran Shridhar via security < secur...@hive.apache.org> wrote: > Thanks for the quick response. Posting it to the user mailing list to ask > the same question. > -Kiran > > On Mon, 5 Jun 2023 at 11:18, Stamatis Zampetakis <zabe...@gmail.com> > wrote: > >> [ External sender. Exercise caution. ] >> >> Hi Kiran, >> >> This list is not appropriate for asking questions. Please use user@ or >> dev@ for getting insights about the roadmap. >> >> Best, >> Stamatis >> >> On Mon, Jun 5, 2023 at 12:03 PM Kiran Shridhar via security >> <secur...@hive.apache.org> wrote: >> > >> > Per https://mvnrepository.com/artifact/org.apache.hive/hive-exec/3.1.3, >> this version suffers from several CVEs, some of which are critical. I see >> 4.0.0 is actively addressing some of these. Should we expect these fixes >> backported to 3.1.x branch? If so, any estimated timelines? >> > >> > Thanks, >> > -Kiran >> >
