Aggarwal-Raghav commented on PR #6251: URL: https://github.com/apache/hive/pull/6251#issuecomment-3724601175
@ramitg254 , I understand and totally get why these changes are made but I'm not in favour of such changes because it invites `NoClassDefFoundError ` , `NoSuchMethodError` at Runtime. It's possible that commons-lang3.17 and 3.20 have API compatibility but the correct way is to wait for hadoop (_as they will also have CVE_) to upgrade to non-CVE version and then we can upgrade to new hadoop version. Upgrading to 3.17.0 on other hand makes perfect sense and should be done (_but it won't solve the CVE._) I just wanted to express my concerns, I won't be in way if other PMC/committers are ok with this approach. But my stance is -0 on this (https://hive.apache.org/community/bylaws/#voting) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
