hive-ql hive-metastore versions and vulnerabilities

hive-ql shades hive-metastore 3.1.0 component, but have vulnerabilities CVE-2018-1314、CVE-2018-11777, do team have plan to update it ?