[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16653966#comment-16653966 ] Bharathkrishna Guruvayoor Murali commented on HIVE-20659: - Thanks for the review. > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16653946#comment-16653946 ] Andrew Sherman commented on HIVE-20659: --- Pushed to master, thanks [~bharos92] > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16652368#comment-16652368 ] Andrew Sherman commented on HIVE-20659: --- +1 LGTM > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16649133#comment-16649133 ] Hive QA commented on HIVE-20659: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12943573/HIVE-20659.1.patch {color:red}ERROR:{color} -1 due to no test(s) being added or modified. {color:green}SUCCESS:{color} +1 due to 15079 tests passed Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14417/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14417/console Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14417/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.YetusPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase {noformat} This message is automatically generated. ATTACHMENT ID: 12943573 - PreCommit-HIVE-Build > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16649125#comment-16649125 ] Hive QA commented on HIVE-20659: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | || || || || {color:brown} master Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 8m 3s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 3s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 6m 30s{color} | {color:green} master passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m 27s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 0s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 0s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s{color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 6m 42s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 12s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 40m 23s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Optional Tests | asflicense javac javadoc xml compile | | uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux | | Build tool | maven | | Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14417/dev-support/hive-personality.sh | | git revision | master / 87414f3 | | Default Java | 1.8.0_111 | | modules | C: . U: . | | Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14417/yetus.txt | | Powered by | Apache Yetushttp://yetus.apache.org | This message was automatically generated. > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16635056#comment-16635056 ] Bharathkrishna Guruvayoor Murali commented on HIVE-20659: - Should we be making changes on all the versions, or just in the current (4.0)? I can take this up if nobody is working on it. > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Priority: Critical > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)