Hi Kiran, Please link the remaining CVE's that you find should be looked upon as a comment on that JIRA. We will look into it. Please feel free to create tickets for the same and start committing patches in branch-3. Welcome any contributors who want to participate in this effort!
Thanks, Aman. ________________________________ From: Kiran Shridhar <[email protected]> Sent: Tuesday, June 6, 2023 2:47 PM To: Aman Raj <[email protected]> Cc: [email protected] <[email protected]>; Stamatis Zampetakis <[email protected]> Subject: Re: [EXTERNAL] Re: when to expect next apache hive-exec 3.1.x addressing security fixes? Thanks for the update and linking the JIRA ticket. Do you have an estimate of the release timeline for 3.2.0? Also, I see the linked child ticket https://issues.apache.org/jira/browse/HIVE-26749 lists CVEs to be addressed. Is that list complete? I see many more listed 31 to be precise on https://mvnrepository.com/artifact/org.apache.hive/hive-exec/3.1.3 Thanks again, -Kiran On Tue, 6 Jun 2023 at 06:09, Aman Raj <[email protected]<mailto:[email protected]>> wrote: [ External sender. Exercise caution. ] Hi KIran, We are actively working on fixing CVE's and adding new features to Hive 3.x release chain. Please note that the next release which will address all these issues will not be 3.1.x. It will be 3.2.0. JIRA for tracking progress - [HIVE-26748] Prepare for Hive 3.2.0 Release - ASF JIRA (apache.org)<https://issues.apache.org/jira/browse/HIVE-26748> Thanks, Aman. ________________________________ From: Naveen Gangam <[email protected]<mailto:[email protected]>> Sent: Monday, June 5, 2023 11:27 PM To: Kiran Shridhar <[email protected]<mailto:[email protected]>> Cc: Stamatis Zampetakis <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: [EXTERNAL] Re: when to expect next apache hive-exec 3.1.x addressing security fixes? Hi Kiran, Aman Raj is managing a 3.x release with some of these CVEs addressed and rebasing some dependencies as well. Please reach out to him for tentative timelines. Thank you Naveen On Mon, Jun 5, 2023 at 6:39 AM Kiran Shridhar via security <[email protected]<mailto:[email protected]>> wrote: Thanks for the quick response. Posting it to the user mailing list to ask the same question. -Kiran On Mon, 5 Jun 2023 at 11:18, Stamatis Zampetakis <[email protected]<mailto:[email protected]>> wrote: [ External sender. Exercise caution. ] Hi Kiran, This list is not appropriate for asking questions. Please use user@ or dev@ for getting insights about the roadmap. Best, Stamatis On Mon, Jun 5, 2023 at 12:03 PM Kiran Shridhar via security <[email protected]<mailto:[email protected]>> wrote: > > Per https://mvnrepository.com/artifact/org.apache.hive/hive-exec/3.1.3, this > version suffers from several CVEs, some of which are critical. I see 4.0.0 is > actively addressing some of these. Should we expect these fixes backported to > 3.1.x branch? If so, any estimated timelines? > > Thanks, > -Kiran
