[
https://issues.apache.org/jira/browse/HIVE-29611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HIVE-29611:
----------------------------------
Labels: pull-request-available (was: )
> [CVE-2026-34480] Bump log4j-core version up to 2.25.4
> -----------------------------------------------------
>
> Key: HIVE-29611
> URL: https://issues.apache.org/jira/browse/HIVE-29611
> Project: Hive
> Issue Type: Task
> Reporter: Yuriy Malygin
> Priority: Major
> Labels: pull-request-available
>
> Apache Hive currently depends on Apache Log4j Core versions affected by
> CVE-2026-34480.
> The vulnerability affects XmlLayout in Log4j Core up to version 2.25.3.
> Malformed XML output may be produced when log messages contain characters
> forbidden by XML 1.0 specification. Depending on the StAX implementation,
> this can result in:
> * invalid XML logs rejected by downstream log processing systems
> * silent log event loss
> * exceptions during logging operations
> Upstream fix is available in Log4j Core 2.25.4
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
