Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-16772

Bump derby to 10.12.1.1+ or exclude it

    XMLWordPrintableJSON

Details

    Description

      hive-metastore depends on derby 10.10/10.4, which are vulnerable to CVE-2015-1832.

      We should bump the version to at least 10.12.1.1 .

      Assuming that derby is only required for the server and not the client we could potentially even exclude it.

      phoenixjiangnan Can you help with this?

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #11610

          Activity

            People

              lirui Rui Li
              chesnay Chesnay Schepler
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m