[HIVE-24816] Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: HiveServer2
Labels:
- pull-request-available
- release-3.1.3

Description

Currently, hive is pulling Jackson 2.10.5 version jar. Please upgrade to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649.

Attachments

Issue Links

fixes

HIVE-27210 Backport HIVE-23338: Bump jackson version to 2.10.0 in branch-3

Resolved

links to

GitHub Pull Request #2011

GitHub Pull Request #2075

Activity

People

Assignee:: Sai Hemanth Gantasala

Reporter:: Sai Hemanth Gantasala

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Feb/21 01:38

Updated:: 02/Apr/23 19:59

Resolved:: 12/Oct/21 21:48

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

1h