[HIVE-22374] Upgrade commons-compress version to 1.19 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: Hive
Labels:
None

Description

As described in CVE-2019-12402, commons-compress:1.18 has an issue where certain inputs may cause an infinite loop which leads to a denial of service attack.

This patch simply upgrades common-compress versions from 1.18 to 1.19 which is the latest minor version at the date of filing this issue (Maven repo).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-22374.1.patch
26/Oct/19 16:13
0.6 kB
Sumin Byeon
HIVE-22374.2.patch
26/Oct/19 18:01
0.6 kB
Sumin Byeon

Activity

People

Assignee:: Sumin Byeon

Reporter:: Sumin Byeon

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21/Oct/19 04:44

Updated:: 17/Nov/22 08:51

Resolved:: 08/Nov/19 13:36