(hive) branch master updated: HIVE-28245: Upgrade Spring to 5.3.39 due to CVE. (#5435)(Simran Arora, reviewed by Raghav Aggarwal, Indhumathi Muthumurugesh, Butao Zhang)

zhangbutao Tue, 15 Oct 2024 00:26:26 -0700

This is an automated email from the ASF dual-hosted git repository.

zhangbutao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git



The following commit(s) were added to refs/heads/master by this push:
     new 9579027680b HIVE-28245: Upgrade Spring to 5.3.39 due to CVE. 
(#5435)(Simran Arora, reviewed by Raghav Aggarwal, Indhumathi Muthumurugesh, 
Butao Zhang)
9579027680b is described below

commit 9579027680b9ac37876a8f1999c16478a5b2158f
Author: Simran Arora <[email protected]>
AuthorDate: Tue Oct 15 12:56:06 2024 +0530

    HIVE-28245: Upgrade Spring to 5.3.39 due to CVE. (#5435)(Simran Arora, 
reviewed by Raghav Aggarwal, Indhumathi Muthumurugesh, Butao Zhang)
---
 pom.xml                      | 2 +-
 ql/pom.xml                   | 4 ++++
 standalone-metastore/pom.xml | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index f93a928908b..f0b2010ca08 100644
--- a/pom.xml
+++ b/pom.xml
@@ -228,7 +228,7 @@
     <aws-java-sdk.version>1.12.499</aws-java-sdk.version>
     <jansi.version>2.4.0</jansi.version>
     <!-- If upgrading, upgrade atlas as well in ql/pom.xml, which brings in 
some springframework dependencies transitively -->
-    <spring.version>5.3.21</spring.version>
+    <spring.version>5.3.39</spring.version>
     <spring.ldap.version>2.4.1</spring.ldap.version>
     
<project.build.outputTimestamp>2024-01-01T00:00:00Z</project.build.outputTimestamp>
   </properties>
diff --git a/ql/pom.xml b/ql/pom.xml
index 0b56996c343..9af856616b8 100644
--- a/ql/pom.xml
+++ b/ql/pom.xml
@@ -79,6 +79,10 @@
           <groupId>org.slf4j</groupId>
           <artifactId>jul-to-slf4j</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.springframework</groupId>
+          <artifactId>spring-context</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
diff --git a/standalone-metastore/pom.xml b/standalone-metastore/pom.xml
index 6d4eba24998..36f63cd89a9 100644
--- a/standalone-metastore/pom.xml
+++ b/standalone-metastore/pom.xml
@@ -113,7 +113,7 @@
     <jetty.version>9.4.45.v20220203</jetty.version>
     <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
     <!-- If upgrading, upgrade atlas as well in ql/pom.xml, which brings in 
some springframework dependencies transitively -->
-    <spring.version>5.3.21</spring.version>
+    <spring.version>5.3.39</spring.version>
     <spring.ldap.version>2.4.1</spring.ldap.version>
     <!-- Thrift properties -->
     <thrift.home>you-must-set-this-to-run-thrift</thrift.home>

(hive) branch master updated: HIVE-28245: Upgrade Spring to 5.3.39 due to CVE. (#5435)(Simran Arora, reviewed by Raghav Aggarwal, Indhumathi Muthumurugesh, Butao Zhang)

Reply via email to