[Bug] upgrade hive-exec and hive-jdbc dependencies due to CVEs

apache / linkis

Apache Linkis builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.

https://linkis.apache.org/

Apache License 2.0

3.32k stars 1.17k forks source link

[Bug] upgrade hive-exec and hive-jdbc dependencies due to CVEs #1364

Open pjfanning opened 2 years ago

pjfanning commented 2 years ago

Search before asking

[X] I searched the issues and found no similar issues.

Linkis Component

linkis-cg-engineConnplugin

What happened + What you expected to happen

https://mvnrepository.com/artifact/org.apache.hive/hive-exec shows the CVEs. v2.3.4 seems to be lowest version that is CVE free.

Relevent platform

n/a

Reproduction script

n/a

Anything else

No response

Are you willing to submit a PR?

[ ] Yes I am willing to submit a PR!

wallezhang commented 2 years ago

I want to fix this issues, please assign it to me