Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-16772

Bump derby to 10.12.1.1+ or exclude it

    XMLWordPrintableJSON

    Details

      Description

      hive-metastore depends on derby 10.10/10.4, which are vulnerable to CVE-2015-1832.

      We should bump the version to at least 10.12.1.1 .

      Assuming that derby is only required for the server and not the client we could potentially even exclude it.

      Bowen Li Can you help with this?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lirui Rui Li
                Reporter:
                chesnay Chesnay Schepler
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m