Hi KIran, We are actively working on fixing CVE's and adding new features to Hive 3.x release chain. Please note that the next release which will address all these issues will not be 3.1.x. It will be 3.2.0.
JIRA for tracking progress - [HIVE-26748] Prepare for Hive 3.2.0 Release - ASF JIRA (apache.org)<https://issues.apache.org/jira/browse/HIVE-26748> Thanks, Aman. ________________________________ From: Naveen Gangam <ngan...@cloudera.com> Sent: Monday, June 5, 2023 11:27 PM To: Kiran Shridhar <kshrid...@splunk.com> Cc: Stamatis Zampetakis <zabe...@gmail.com>; user@hive.apache.org <user@hive.apache.org> Subject: [EXTERNAL] Re: when to expect next apache hive-exec 3.1.x addressing security fixes? Hi Kiran, Aman Raj is managing a 3.x release with some of these CVEs addressed and rebasing some dependencies as well. Please reach out to him for tentative timelines. Thank you Naveen On Mon, Jun 5, 2023 at 6:39 AM Kiran Shridhar via security <secur...@hive.apache.org<mailto:secur...@hive.apache.org>> wrote: Thanks for the quick response. Posting it to the user mailing list to ask the same question. -Kiran On Mon, 5 Jun 2023 at 11:18, Stamatis Zampetakis <zabe...@gmail.com<mailto:zabe...@gmail.com>> wrote: [ External sender. Exercise caution. ] Hi Kiran, This list is not appropriate for asking questions. Please use user@ or dev@ for getting insights about the roadmap. Best, Stamatis On Mon, Jun 5, 2023 at 12:03 PM Kiran Shridhar via security <secur...@hive.apache.org<mailto:secur...@hive.apache.org>> wrote: > > Per https://mvnrepository.com/artifact/org.apache.hive/hive-exec/3.1.3, this > version suffers from several CVEs, some of which are critical. I see 4.0.0 is > actively addressing some of these. Should we expect these fixes backported to > 3.1.x branch? If so, any estimated timelines? > > Thanks, > -Kiran
