[jira] [Created] (HIVE-24836) Add replication policy name and schedule id as a job name for all the distcp jobs
Ayush Saxena created HIVE-24836: --- Summary: Add replication policy name and schedule id as a job name for all the distcp jobs Key: HIVE-24836 URL: https://issues.apache.org/jira/browse/HIVE-24836 Project: Hive Issue Type: Improvement Reporter: Ayush Saxena Assignee: Ayush Saxena Add replication policy name and schedule id as a job name for all the distcp jobs launched as part of the schedule -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Yu-Wen Lai created HIVE-24837:
-
Summary: Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Key: HIVE-24837
URL: https://issues.apache.org/jira/browse/HIVE-24837
Project: Hive
Issue Type: Improvement
Reporter: Yu-Wen Lai
Assignee: Yu-Wen Lai
Hive is using httpclients 4.5.6. We will need to upgrade httpclient and
httpcore.
{quote}CVSSv2:
Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2020-13956: Apache HttpClient incorrect handling of malformed
authority component in request URIs
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache HttpClient 4.5.12 and prior
Apache HttpClient 5.0.2 and prior
Description:
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.
Mitigation:
As of release 4.5.13 and 5.0.3 HttpClient will reject URIs with
ambiguous malformed authority component as invalid. Users of HttpClient
are advised to upgrade to version 4.5.13 or 5.0.3 and sanitize request
URIs when using java.net.URI as input.
Credit:
This issue was discovered and reported by Priyank Nigam
{quote}
Reference:
* [https://www.openwall.com/lists/oss-security/2020/10/08/4]
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956]
* [https://nvd.nist.gov/vuln/detail/CVE-2020-13956]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (HIVE-24838) Reduce FS creation in Warehouse::getDnsPath for object stores
Rajesh Balamohan created HIVE-24838: --- Summary: Reduce FS creation in Warehouse::getDnsPath for object stores Key: HIVE-24838 URL: https://issues.apache.org/jira/browse/HIVE-24838 Project: Hive Issue Type: Improvement Reporter: Rajesh Balamohan Attachments: Screenshot 2021-03-02 at 11.09.01 AM.png [https://github.com/apache/hive/blob/master/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java#L143] Warehouse::getDnsPath gets invoked from multiple places (e.g getDatabase() etc). In certain cases like dynamic partition loads, lot of calls FS instantiation calls can be avoided for object stores. It would be good to check for BlobStorages and if so, it should be possible to avoid FS creation. [https://github.com/apache/hive/blob/master/common/src/java/org/apache/hadoop/hive/common/BlobStorageUtils.java#L33] !Screenshot 2021-03-02 at 11.09.01 AM.png|width=372,height=296! -- This message was sent by Atlassian Jira (v8.3.4#803005)
