[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16653966#comment-16653966 ] Bharathkrishna Guruvayoor Murali commented on HIVE-20659: - Thanks for the review. > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16653946#comment-16653946 ] Andrew Sherman commented on HIVE-20659: --- Pushed to master, thanks [~bharos92] > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16652368#comment-16652368 ] Andrew Sherman commented on HIVE-20659: --- +1 LGTM > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Assignee: Bharathkrishna Guruvayoor Murali >Priority: Critical > Attachments: HIVE-20659.1.patch > > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[
https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16649133#comment-16649133
]
Hive QA commented on HIVE-20659:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12943573/HIVE-20659.1.patch
{color:red}ERROR:{color} -1 due to no test(s) being added or modified.
{color:green}SUCCESS:{color} +1 due to 15079 tests passed
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14417/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14417/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14417/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12943573 - PreCommit-HIVE-Build
> Update commons-compress to 1.18 due to security issues
> --
>
> Key: HIVE-20659
> URL: https://issues.apache.org/jira/browse/HIVE-20659
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0
>Reporter: Jörn Franke
>Assignee: Bharathkrishna Guruvayoor Murali
>Priority: Critical
> Attachments: HIVE-20659.1.patch
>
>
> Currently most Hive version depends on commons-compress 1.9 or 1.4. Those
> versions have several security issues:
> [https://commons.apache.org/proper/commons-compress/security-reports.html]
> I propose to upgrade all commons-compress dependencies in all Hive
> (sub-)projects to at least 1.18. This will also make it easier for future
> extensions to Hive (serde, udfs, etc.) that have dependencies to
> commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to
> integrate into Hive without upgrading the commons-compress library manually
> in the Hive lib folder.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[
https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16649125#comment-16649125
]
Hive QA commented on HIVE-20659:
| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 8m
3s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m
3s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 6m
30s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m
27s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m
0s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m
0s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m
1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 6m
42s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
12s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 40m 23s{color} |
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc xml compile |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian
3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality |
/data/hiveptest/working/yetus_PreCommit-HIVE-Build-14417/dev-support/hive-personality.sh
|
| git revision | master / 87414f3 |
| Default Java | 1.8.0_111 |
| modules | C: . U: . |
| Console output |
http://104.198.109.242/logs//PreCommit-HIVE-Build-14417/yetus.txt |
| Powered by | Apache Yetushttp://yetus.apache.org |
This message was automatically generated.
> Update commons-compress to 1.18 due to security issues
> --
>
> Key: HIVE-20659
> URL: https://issues.apache.org/jira/browse/HIVE-20659
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0
>Reporter: Jörn Franke
>Assignee: Bharathkrishna Guruvayoor Murali
>Priority: Critical
> Attachments: HIVE-20659.1.patch
>
>
> Currently most Hive version depends on commons-compress 1.9 or 1.4. Those
> versions have several security issues:
> [https://commons.apache.org/proper/commons-compress/security-reports.html]
> I propose to upgrade all commons-compress dependencies in all Hive
> (sub-)projects to at least 1.18. This will also make it easier for future
> extensions to Hive (serde, udfs, etc.) that have dependencies to
> commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to
> integrate into Hive without upgrading the commons-compress library manually
> in the Hive lib folder.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20659) Update commons-compress to 1.18 due to security issues
[ https://issues.apache.org/jira/browse/HIVE-20659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16635056#comment-16635056 ] Bharathkrishna Guruvayoor Murali commented on HIVE-20659: - Should we be making changes on all the versions, or just in the current (4.0)? I can take this up if nobody is working on it. > Update commons-compress to 1.18 due to security issues > -- > > Key: HIVE-20659 > URL: https://issues.apache.org/jira/browse/HIVE-20659 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 1.2.1, 3.0.0, 2.3.2, 3.1.0 >Reporter: Jörn Franke >Priority: Critical > > Currently most Hive version depends on commons-compress 1.9 or 1.4. Those > versions have several security issues: > [https://commons.apache.org/proper/commons-compress/security-reports.html] > I propose to upgrade all commons-compress dependencies in all Hive > (sub-)projects to at least 1.18. This will also make it easier for future > extensions to Hive (serde, udfs, etc.) that have dependencies to > commons-compress (e.g. [https://github.com/zuinnote/hadoopoffice/wiki)] to > integrate into Hive without upgrading the commons-compress library manually > in the Hive lib folder. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
