[HIVE-25639] Exclude tomcat-embed-core from libthrift - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Thrift API
Labels:
None

Description

After Thrift dependency up-gradation to 0.14.1 to fix a known CVE but a dependency issue in libthrift brings in tomcat-embed-core which has many vulnerabilities. See: ~~THRIFT-5375~~
Since this dependency is used in Thrift only for a test we can safely exclude it inside Hive.

Attachments

Issue Links

links to

https://github.com/apache/hive/pull/2745

Activity

People

Assignee:: Ranith Sardar

Reporter:: Ranith Sardar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Oct/21 08:49

Updated:: 25/Oct/21 13:12