This is an automated email from the ASF dual-hosted git repository. ngangam pushed a commit to branch branch-3 in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/branch-3 by this push: new 63a056a HIVE-25795: Update log4j2 version to 2.16.0 for branch-3 (Naveen Gangam) 63a056a is described below commit 63a056ae87de739ba2ea66fd4001f529357a4aa1 Author: Naveen Gangam <ngan...@cloudera.com> AuthorDate: Wed Dec 15 15:57:45 2021 -0500 HIVE-25795: Update log4j2 version to 2.16.0 for branch-3 (Naveen Gangam) --- bin/hive-config.sh | 4 ++++ pom.xml | 2 +- .../apache/hadoop/hive/ql/log/SlidingFilenameRolloverStrategy.java | 4 ++++ standalone-metastore/pom.xml | 7 ++++++- testutils/ptest2/pom.xml | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/bin/hive-config.sh b/bin/hive-config.sh
index d52b84e..8381a25 100644
--- a/bin/hive-config.sh
+++ b/bin/hive-config.sh
@@ -68,3 +68,7 @@ export HIVE_AUX_JARS_PATH=$HIVE_AUX_JARS_PATH
 # Default to use 256MB
 export HADOOP_HEAPSIZE=${HADOOP_HEAPSIZE:-256}
+
+# Disable the JNDI. This feature has critical RCE vulnerability.
+# when 2.x <= log4j.version <= 2.14.1
+export HADOOP_CLIENT_OPTS="$HADOOP_CLIENT_OPTS -Dlog4j2.formatMsgNoLookups=true"
diff --git a/pom.xml b/pom.xml
index 96e0217..40087d8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,7 @@
 <kryo.version>3.0.3</kryo.version>
 <libfb303.version>0.9.3</libfb303.version>
 <libthrift.version>0.9.3</libthrift.version>
- <log4j2.version>2.10.0</log4j2.version>
+ <log4j2.version>2.16.0</log4j2.version>
 <opencsv.version>2.3</opencsv.version>
 <orc.version>1.5.6</orc.version>
 <mockito-all.version>1.10.19</mockito-all.version>
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/log/SlidingFilenameRolloverStrategy.java b/ql/src/java/org/apache/hadoop/hive/ql/log/SlidingFilenameRolloverStrategy.java
index 664734c..67bbd8e 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/log/SlidingFilenameRolloverStrategy.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/log/SlidingFilenameRolloverStrategy.java
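Review bot: In bin/hive-config.sh the added comment mislabels what the flag does: `-Dlog4j2.formatMsgNoLookups=true` switches off lookup substitution in logged message text rather than JNDI itself, and as far as I know the property is only honoured from Log4j 2.10.0 onward, so it does not cover the whole `2.x <= log4j.version <= 2.14.1` range the comment gives. Since the poms in this commit move to 2.16.0, the export reads as defence in depth for an older log4j-core that another component may put on the classpath, and the comment should say so, e.g. `# Defence in depth: disable message lookups in case an older log4j-core (2.10.0 - 2.14.1) is on the classpath; expected to be a no-op with 2.16.0.` The setting also reaches only JVMs that take their options from HADOOP_CLIENT_OPTS, so it is worth confirming that no Hive process is started through a path that bypasses this variable.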
@@ -73,6 +73,10 @@ public class SlidingFilenameRolloverStrategy
 return getLogFileName(pattern);
 }
+ @Override public void clearCurrentFileName() {
+ // no rename is needed
+ }
+
 /**
 * @return Mangled file name formed by appending the current timestamp
 */
diff --git a/standalone-metastore/pom.xml b/standalone-metastore/pom.xml
index 04eca50..7599882 100644
--- a/standalone-metastore/pom.xml
+++ b/standalone-metastore/pom.xml
@@ -78,7 +78,7 @@
 <junit.version>4.11</junit.version>
 <libfb303.version>0.9.3</libfb303.version>
 <libthrift.version>0.9.3</libthrift.version>
- <log4j2.version>2.8.2</log4j2.version>
+ <log4j2.version>2.16.0</log4j2.version>
 <mockito-all.version>1.10.19</mockito-all.version>
 <orc.version>1.5.1</orc.version>
 <protobuf.version>2.5.0</protobuf.version>
@@ -265,6 +265,11 @@
 <version>${log4j2.version}</version>
 </dependency>
 <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
+ <version>${log4j2.version}</version>
+ </dependency>
+ <dependency>
 <groupId>org.apache.thrift</groupId>
 <artifactId>libfb303</artifactId>
 <version>${libfb303.version}</version>
diff --git a/testutils/ptest2/pom.xml b/testutils/ptest2/pom.xml
index 10dda97..450c158 100644
--- a/testutils/ptest2/pom.xml
+++ b/testutils/ptest2/pom.xml
@@ -26,7 +26,7 @@ limitations under the License.
 <name>hive-ptest</name>
 <properties>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <log4j2.version>2.10.0</log4j2.version>
+ <log4j2.version>2.16.0</log4j2.version>
 <spring.framework.version>3.2.16.RELEASE</spring.framework.version>
 <jclouds.version>2.0.0</jclouds.version>
 <checkstyle.conf.dir>${basedir}/../../checkstyle/</checkstyle.conf.dir>
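Review bot: The comment inside the new `clearCurrentFileName()` override in SlidingFilenameRolloverStrategy.java, `// no rename is needed`, does not say why an empty body is safe. Judging from the `return getLogFileName(pattern);` just above, the current file name appears to be recomputed on every call rather than cached, so a comment such as `// Nothing to reset: the file name is derived from the pattern on each call, so none is cached.` would state the actual reason. The preceding method starts outside the hunk, so confirm that no cached name exists before adopting that wording.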
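Review bot: The `log4j-core` entry added in the second hunk of standalone-metastore/pom.xml has no comment explaining why it is declared, and the enclosing element (`dependencies` or `dependencyManagement`) lies outside the hunk. If the intent is to keep an older transitive log4j-core from being resolved, record that with `<!-- Pinned so a transitive log4j-core older than ${log4j2.version} cannot be resolved -->`. A pin in this pom does not reach shaded or separately bundled jars, so the resolved dependency tree and the packaged distribution should be checked for remaining older copies.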