[HIVE-24787] Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.4.0, 3.1.2
Component/s: HiveServer2
Labels:
None

Description

Hive is pulling in log4j 2.12.1 specifically to:

./usr/lib/hive/lib/log4j-core-2.12.1.jar

CVE-2020-9488 affects this version and the fix is to upgrade to 2.13.2+. So, upgrade this dependency.

Attachments

Issue Links

is duplicated by

HIVE-24500 Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488

Closed

Activity

People

Assignee:: Revival Vape

Reporter:: Revival Vape

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Feb/21 12:31

Updated:: 18/Feb/21 10:23

Resolved:: 16/Feb/21 12:35