Re: apache/hive security vulnerabilities.

2024-06-19 Thread Simhadri G
Hi guys,

I checked for jackson-databind-2.4.0. It seems to be a transitive
dependency from htrace-core.



On Wed, Jun 19, 2024 at 8:29 PM Stamatis Zampetakis 
wrote:

> I am pretty sure that the old Jackson versions are shaded somewhere
> inside the jars of Hive dependencies. We probably need to inspect the
> contents of our binary distribution of Hive 4.0.0 and take corrective
> actions if needed.
>
> Best,
> Stamatis
>
> On Wed, Jun 19, 2024 at 4:35 PM Denys Kuzmenko 
> wrote:
> >
> > Hi Sreek,
> >
> > Oh, thanks! Ideally docker image should be built from Hive-4.0 branch
> artifacts via the GH action. Let me check, I just hope it wasn't manually
> uploaded
>


Re: apache/hive security vulnerabilities.

2024-06-19 Thread Stamatis Zampetakis
I am pretty sure that the old Jackson versions are shaded somewhere
inside the jars of Hive dependencies. We probably need to inspect the
contents of our binary distribution of Hive 4.0.0 and take corrective
actions if needed.

Best,
Stamatis

On Wed, Jun 19, 2024 at 4:35 PM Denys Kuzmenko  wrote:
>
> Hi Sreek,
>
> Oh, thanks! Ideally docker image should be built from Hive-4.0 branch 
> artifacts via the GH action. Let me check, I just hope it wasn't manually 
> uploaded
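
One way to carry out the inspection of the binary distribution suggested above, as an added example that is not part of the original thread or Hive's own tooling: it walks a directory of jars and reports every bundled jackson-databind copy, relocated or not, with the version from any retained Maven metadata. The relocation prefix `org.example.shaded`, the function names and the in-memory sample jars are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

CANONICAL = "com.fasterxml.jackson.databind"
MARKER = "/jackson/databind/ObjectMapper.class"
POM = "/jackson-databind/pom.properties"


def find_embedded_jackson(jar_file):
    """Return (package, version, relocated) per jackson-databind copy in one jar."""
    with zipfile.ZipFile(jar_file) as jar:
        names = jar.namelist()
        versions = []
        for entry in names:
            # Shaded jars often keep the Maven metadata of what they bundle.
            if entry.startswith("META-INF/maven/") and entry.endswith(POM):
                for line in jar.read(entry).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        versions.append(line.split("=", 1)[1].strip())
    version = versions[0] if len(versions) == 1 else None  # only if unambiguous
    # A relocated copy keeps the class name under a different package prefix.
    packages = [e.rsplit("/", 1)[0].replace("/", ".") for e in names if e.endswith(MARKER)]
    return [(p, version, p != CANONICAL) for p in packages]


def scan_distribution(root):
    """Scan every *.jar under root; return {path: findings} for jars with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.jar")):
        try:
            hits = find_embedded_jackson(path)
        except zipfile.BadZipFile:
            continue  # unreadable archive: skip it instead of aborting the scan
        if hits:
            report[str(path)] = hits
    return report


def build_sample_jar(package_dir, version=None):
    """Constructed sample: an in-memory jar with one class entry and optional metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(package_dir + "/ObjectMapper.class", b"")
        if version:
            jar.writestr("META-INF/maven/com.fasterxml.jackson.core" + POM,
                         "version=%s\n" % version)
    buf.seek(0)
    return buf
```

A finding with `version` set to `None` means the classes are present but the metadata was stripped or ambiguous, so the version has to be established another way.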


Re: apache/hive security vulnerabilities.

2024-06-19 Thread Denys Kuzmenko
Hi Sreek,

Oh, thanks! Ideally docker image should be built from Hive-4.0 branch artifacts 
via the GH action. Let me check, I just hope it wasn't manually uploaded


Re: apache/hive security vulnerabilities.

2024-06-19 Thread Iyer, Sreekanth
Hi Denys

That's right. jackson-databind version 2.16.1 does not have any CVEs. I also 
saw that there was a HIVE ticket to update to this version: [HIVE-28073] Upgrade 
jackson version to 2.16.1 - ASF JIRA (apache.org). The ticket also mentions 
this was fixed in Hive 4.0.0.

But the docker image that I downloaded from dockerhub (apache/hive Tags | 
Docker Hub) shows that there are two old versions of the package in use 
within the image (2.4.0 and 2.9.4).




Thanks
Regards
Sreek


From: Denys Kuzmenko 
Sent: Wednesday, June 19, 2024 6:06 PM
To: dev@hive.apache.org 
Subject: Re: apache/hive security vulnerabilities.



Hi,

Hive-4.0 uses jackson-databind version 2.16.1. I don't see any CVEs reported in 
maven central for that artifact:
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.16.1


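<dependency>
  <groupId>com.fasterxml.jackson</groupId>
  <artifactId>jackson-bom</artifactId>
  <version>2.16.1</version>
  <type>pom</type>
  <scope>import</scope>
</dependency>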






Re: apache/hive security vulnerabilities.

2024-06-19 Thread Denys Kuzmenko
Hi,

Hive-4.0 uses jackson-databind version 2.16.1. I don't see any CVEs reported in 
maven central for that artifact:
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.16.1


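<dependency>
  <groupId>com.fasterxml.jackson</groupId>
  <artifactId>jackson-bom</artifactId>
  <version>2.16.1</version>
  <type>pom</type>
  <scope>import</scope>
</dependency>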




Re: Fwd: about hive4.0.0 error

2024-06-19 Thread Denys Kuzmenko
Are you using MR execution mode? It was deprecated, see warning
"Hive-on-MR is deprecated in Hive 2 and may not be available in the future 
versions. Consider using a different execution engine"

On 2024/06/19 04:59:22 张三 wrote:
> -- Forwarded message -
> From: 张三
> Date: Wed, Jun 19, 2024, 12:55
> Subject: about hive4.0.0 error
> To: 
> 
> 
> Dear Hive team,
> 
> I encountered an issue while using the latest version of Hive, 4.0.0. I am
> not sure if this is a bug. The details are as follows: I am using Hadoop
> version 3.3.6 and have set up a fully distributed cluster. The Hive version
> is 4.0.0, with one master server and one client. Currently, I am connecting
> to Hive via the Beeline client. When executing a join in Hive, I
> encountered the following error:
> 
> ```
> 
> 0: jdbc:hive2://node1:1> SELECT emp.emp_id, emp.emp_name, dept.dept_name
> . . . . . . . . . . . . . .> FROM emp
> . . . . . . . . . . . . . .> JOIN dept ON  emp.dept_id = dept.dept_id;
> INFO  : Compiling
> command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc):
> SELECT emp.emp_id, emp.emp_name, dept.dept_name
> FROM emp
> JOIN dept ON  emp.dept_id = dept.dept_id
> INFO  : No Stats for default@emp, Columns: emp_name, dept_id, emp_id
> INFO  : No Stats for default@dept, Columns: dept_name, dept_id
> INFO  : Semantic Analysis Completed (retrial = false)
> INFO  : Created Hive schema:
> Schema(fieldSchemas:[FieldSchema(name:emp.emp_id, type:int, comment:null),
> FieldSchema(name:emp.emp_name, type:strin
> g, comment:null), FieldSchema(name:dept.dept_name, type:string,
> comment:null)], properties:null)INFO  : Completed compiling
> command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc);
> Time taken: 0.894 seconds
> INFO  : Concurrency mode is disabled, not creating a lock manager
> INFO  : Executing
> command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc):
> SELECT emp.emp_id, emp.emp_name, dept.dept_name
> FROM emp
> JOIN dept ON  emp.dept_id = dept.dept_id
> WARN  : Hive-on-MR is deprecated in Hive 2 and may not be available in the
> future versions. Consider using a different execution engine (i.e. tez
> ) or using Hive 1.X releases.INFO  : Query ID =
> root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc
> INFO  : Total jobs = 1
> INFO  : Starting task [Stage-4:MAPREDLOCAL] in serial mode
> ERROR : Execution failed with exit status: 1
> ERROR : Obtaining error information
> ERROR :
> Task failed!
> Task ID:
>   Stage-4
> 
> Logs:
> 
> ERROR : /tmp/root/hive.log
> ERROR : FAILED: Execution Error, return code 1 from
> org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask
> INFO  : Completed executing
> command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc);
> Time taken: 4.461 seconds
> Error: Error while compiling statement: FAILED: Execution Error, return
> code 1 from org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask (state=08S0
> 1,code=1)
> 
> ```
> 
>   I checked the log on the Hive server at /tmp/root/hive.log and found the
> following error information:
> 
> ```
> 
> 2024-06-19T11:22:56,454  INFO [NotificationEventPoll 0]
> HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
> name=metast
> ore.batch.retrieve.max defaultValue=50 2024-06-19T11:23:01,656  INFO
> [Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
> cmd=scheduled_query_poll
> 2024-06-19T11:23:56,375  INFO [NotificationEventPoll 0]
> HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
> name=metast
> ore.batch.retrieve.max defaultValue=50 2024-06-19T11:24:01,946  INFO
> [Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
> cmd=scheduled_query_poll
> 2024-06-19T11:24:56,373  INFO [NotificationEventPoll 0]
> HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
> name=metast
> ore.batch.retrieve.max defaultValue=50 2024-06-19T11:25:02,197  INFO
> [Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
> cmd=scheduled_query_poll
> 2024-06-19T11:25:56,376  INFO [NotificationEventPoll 0]
> HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
> name=metast
> ore.batch.retrieve.max defaultValue=50 2024-06-19T11:26:02,390  INFO
> [Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
> cmd=scheduled_query_poll
> 2024-06-19T11:26:56,373  INFO [NotificationEventPoll 0]
> HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
> name=metast
> ore.batch.retrieve.max defaultValue=50 2024-06-19T11:27:02,660  INFO
> [Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
> cmd=scheduled_query_poll
> 2024-06-19T11:27:48,645  INFO [00b77a5e-7cec-4e10-a0ae-f94450a56ab0
> HiveServer2-Handler-Pool: Thread-54] session.HiveSessionImpl: executing
> SELEC
> T emp.emp_id, emp.emp_name, dept.dept_nameFROM emp
> JOIN dept ON  emp.dept_id = dept.dept_id
> 2024-06-19T11:27:48,654  INFO 

Fwd: about hive4.0.0 error

2024-06-19 Thread 张三
-- Forwarded message -
From: 张三
Date: Wed, Jun 19, 2024, 12:55
Subject: about hive4.0.0 error
To: 


Dear Hive team,

I encountered an issue while using the latest version of Hive, 4.0.0. I am
not sure if this is a bug. The details are as follows: I am using Hadoop
version 3.3.6 and have set up a fully distributed cluster. The Hive version
is 4.0.0, with one master server and one client. Currently, I am connecting
to Hive via the Beeline client. When executing a join in Hive, I
encountered the following error:

```

0: jdbc:hive2://node1:1> SELECT emp.emp_id, emp.emp_name, dept.dept_name
. . . . . . . . . . . . . .> FROM emp
. . . . . . . . . . . . . .> JOIN dept ON  emp.dept_id = dept.dept_id;
INFO  : Compiling
command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc):
SELECT emp.emp_id, emp.emp_name, dept.dept_name
FROM emp
JOIN dept ON  emp.dept_id = dept.dept_id
INFO  : No Stats for default@emp, Columns: emp_name, dept_id, emp_id
INFO  : No Stats for default@dept, Columns: dept_name, dept_id
INFO  : Semantic Analysis Completed (retrial = false)
INFO  : Created Hive schema:
Schema(fieldSchemas:[FieldSchema(name:emp.emp_id, type:int, comment:null),
FieldSchema(name:emp.emp_name, type:strin
g, comment:null), FieldSchema(name:dept.dept_name, type:string,
comment:null)], properties:null)INFO  : Completed compiling
command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc);
Time taken: 0.894 seconds
INFO  : Concurrency mode is disabled, not creating a lock manager
INFO  : Executing
command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc):
SELECT emp.emp_id, emp.emp_name, dept.dept_name
FROM emp
JOIN dept ON  emp.dept_id = dept.dept_id
WARN  : Hive-on-MR is deprecated in Hive 2 and may not be available in the
future versions. Consider using a different execution engine (i.e. tez
) or using Hive 1.X releases.INFO  : Query ID =
root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc
INFO  : Total jobs = 1
INFO  : Starting task [Stage-4:MAPREDLOCAL] in serial mode
ERROR : Execution failed with exit status: 1
ERROR : Obtaining error information
ERROR :
Task failed!
Task ID:
  Stage-4

Logs:

ERROR : /tmp/root/hive.log
ERROR : FAILED: Execution Error, return code 1 from
org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask
INFO  : Completed executing
command(queryId=root_20240619122107_48e50dbd-9e12-4743-9652-f266165811bc);
Time taken: 4.461 seconds
Error: Error while compiling statement: FAILED: Execution Error, return
code 1 from org.apache.hadoop.hive.ql.exec.mr.MapredLocalTask (state=08S0
1,code=1)

```

  I checked the log on the Hive server at /tmp/root/hive.log and found the
following error information:

```

2024-06-19T11:22:56,454  INFO [NotificationEventPoll 0]
HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
name=metast
ore.batch.retrieve.max defaultValue=50 2024-06-19T11:23:01,656  INFO
[Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
cmd=scheduled_query_poll
2024-06-19T11:23:56,375  INFO [NotificationEventPoll 0]
HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
name=metast
ore.batch.retrieve.max defaultValue=50 2024-06-19T11:24:01,946  INFO
[Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
cmd=scheduled_query_poll
2024-06-19T11:24:56,373  INFO [NotificationEventPoll 0]
HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
name=metast
ore.batch.retrieve.max defaultValue=50 2024-06-19T11:25:02,197  INFO
[Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
cmd=scheduled_query_poll
2024-06-19T11:25:56,376  INFO [NotificationEventPoll 0]
HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
name=metast
ore.batch.retrieve.max defaultValue=50 2024-06-19T11:26:02,390  INFO
[Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
cmd=scheduled_query_poll
2024-06-19T11:26:56,373  INFO [NotificationEventPoll 0]
HiveMetaStore.audit: ugi=root ip=unknown-ip-addr cmd=get_config_value:
name=metast
ore.batch.retrieve.max defaultValue=50 2024-06-19T11:27:02,660  INFO
[Scheduled Query Poller] HiveMetaStore.audit: ugi=root ip=unknown-ip-addr
cmd=scheduled_query_poll
2024-06-19T11:27:48,645  INFO [00b77a5e-7cec-4e10-a0ae-f94450a56ab0
HiveServer2-Handler-Pool: Thread-54] session.HiveSessionImpl: executing
SELEC
T emp.emp_id, emp.emp_name, dept.dept_nameFROM emp
JOIN dept ON  emp.dept_id = dept.dept_id
2024-06-19T11:27:48,654  INFO [00b77a5e-7cec-4e10-a0ae-f94450a56ab0
HiveServer2-Handler-Pool: Thread-54] operation.OperationManager: Adding
opera
tion: OperationHandle [opType=EXECUTE_STATEMENT,
getHandleIdentifier()=9c5817e6-131a-4e60-bfe3-faa066a61119] SessionHandle
[00b77a5e-7cec-4e10-a0ae-f94450a56ab0]2024-06-19T11:27:48,654  INFO
[00b77a5e-7cec-4e10-a0ae-f94450a56ab0 HiveServer2-Handler-Pool: Thread-54]
common.LogUtils: Thread context registra
tion is done.2024-06-19T11:27:48,654  INFO