[HIVE-24788] Backport HIVE-23338 to branch-3.1 - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.1.3
Component/s: None
Labels:
- pull-request-available

Description

jackson has a whole bunch of CVEs open against 2.9.x, which makes working with HIVE in security aware environments quite difficult.

This has been fixed in ~~HIVE-23338~~ already, but since 4.0.0 hasn't been released yet (and is not on the horizon, as far as I can tell), this should be backported to branch-3.1.

Attachments

Issue Links

Add Link

relates to

HADOOP-16905 Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches

Resolved

Delete this link

HIVE-27210 Backport HIVE-23338: Bump jackson version to 2.10.0 in branch-3

Resolved

Delete this link

HADOOP-16917 Update dependency in branch-3.1

Resolved

Delete this link

HIVE-23338 Bump jackson version to 2.10.0

Closed

Delete this link

links to

GitHub Pull Request #1986

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: H. Vetinari Assign to me

Reporter:: H. Vetinari

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Feb/21 15:49

Updated:: 02/Apr/23 19:49

Resolved:: 24/Feb/21 11:57

Time Tracking

Log work

Estimated:

Not Specified

Remaining:

Logged:

Backport HIVE-23338 to branch-3.1

Details

Description

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment