[
https://issues.apache.org/jira/browse/HIVE-26999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Devaspati Krishnatri updated HIVE-26999:
----------------------------------------
Attachment: tree.txt
> Upgrade MySQL Connector Java due to security CVEs
> --------------------------------------------------
>
> Key: HIVE-26999
> URL: https://issues.apache.org/jira/browse/HIVE-26999
> Project: Hive
> Issue Type: Task
> Reporter: Devaspati Krishnatri
> Assignee: Devaspati Krishnatri
> Priority: Major
> Attachments: tree.txt
>
>
> The following CVEs impact older versions of [MySQL Connector
> Java|https://mvnrepository.com/artifact/mysql/mysql-connector-java]
> * *CVE-2021-3711* : Critical - Impacts all versions up to (including)
> 8.0.27 (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-3711])
> * *CVE-2021-3712* - High - Impacts all versions up to (including) 8.0.27
> (ref:
> [https://nvd.nist.gov/vuln/detail/CVE-2021-37112)|https://nvd.nist.gov/vuln/detail/CVE-2021-3711]
> * *CVE-2021-44531* - High - Impacts all versions up to (including) 8.0.28
> (ref: [https://nvd.nist.gov/vuln/detail/CVE-2021-44531])
> * *CVE-2022-21824* - High - Impacts all versions up to (including) 8.0.28
> (ref:[https://nvd.nist.gov/vuln/detail/CVE-2022-21824)]
> Recommendation: *Upgrade* [*MySQL Connector
> Java*|https://mvnrepository.com/artifact/mysql/mysql-connector-java] *to*
> [*8.0.31*|https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.31]
> *or above*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
