[ 
https://issues.apache.org/jira/browse/HIVE-26423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17570207#comment-17570207
 ] 

John Sherman commented on HIVE-26423:
-------------------------------------

The patch makes the dependency version 2.11.1 -> the original version being 
transitively imported was 2.7.0. I went with the newest version since I saw no 
issues with it and to attempt to be safe from a CVE standpoint.

> Make commons-pool2 an explicit dependency
> -----------------------------------------
>
>                 Key: HIVE-26423
>                 URL: https://issues.apache.org/jira/browse/HIVE-26423
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>            Reporter: John Sherman
>            Assignee: John Sherman
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> HIVE-26242 started using commons-pool2, which is getting pulled in as a 
> transitive dependency through commons-dbcp2 or calcite-core. It would be 
> better to make it an explicit dependency to ensure it gets packaged properly 
> and/or things do not suddenly break if the transitive dependencies change.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
