Details
-
Task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
jackson has a whole bunch of CVEs open against 2.9.x, which makes working with HIVE in security aware environments quite difficult.
This has been fixed in HIVE-23338 already, but since 4.0.0 hasn't been released yet (and is not on the horizon, as far as I can tell), this should be backported to branch-3.1.
Attachments
Issue Links
- relates to
-
HADOOP-16905 Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches
- Resolved
-
HIVE-27210 Backport HIVE-23338: Bump jackson version to 2.10.0 in branch-3
- Resolved
-
HADOOP-16917 Update dependency in branch-3.1
- Resolved
-
HIVE-23338 Bump jackson version to 2.10.0
- Closed
- links to