[
https://issues.apache.org/jira/browse/HIVE-27102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839518#comment-17839518
]
Stamatis Zampetakis commented on HIVE-27102:
--------------------------------------------
Hey [~frankgrimes97] , Calcite upgrades are rather complex but we will try to
advance this work in the next few weeks and hopefully have it in 4.1.0. Other
than that its worth mentioning that CVE-2020-13955, and CVE-2022-39135 are
probably not exploitable via Hive since the respective codepath does not seem
to be used.
> Upgrade Calcite to 1.33.0 and Avatica to 1.23.0
> -----------------------------------------------
>
> Key: HIVE-27102
> URL: https://issues.apache.org/jira/browse/HIVE-27102
> Project: Hive
> Issue Type: Improvement
> Components: CBO
> Reporter: Stamatis Zampetakis
> Assignee: Stamatis Zampetakis
> Priority: Major
>
> New versions for Calcite and Avatica are available so we should upgrade to
> them.
> I had some WIP in HIVE-26610 for upgrading calcite to 1.32.0 but given that
> the work was not in very advanced state it is preferred to jump directly to
> 1.33.0.
> Avatica must be inline with Calcite so both need to be updated at the same
> time.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
