Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-16772

Bump derby to 10.12.1.1+ or exclude it

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      hive-metastore depends on derby 10.10/10.4, which are vulnerable to CVE-2015-1832.

      We should bump the version to at least 10.12.1.1 .

      Assuming that derby is only required for the server and not the client we could potentially even exclude it.

      Bowen Li Can you help with this?

        Attachments

          Activity

            People

            • Assignee:
              lirui Rui Li
              Reporter:
              chesnay Chesnay Schepler

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                  Issue deployment