[jira] [Commented] (HIVE-26423) Make commons-pool2 an explicit dependency (and upgrade to 2.11.1)
[ https://issues.apache.org/jira/browse/HIVE-26423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17570289#comment-17570289 ]

Ayush Saxena commented on HIVE-26423:
-------------------------------------

Merged to master. Thanks [~jfs] for the contribution!!!

> Make commons-pool2 an explicit dependency (and upgrade to 2.11.1)
> -----------------------------------------------------------------
>
> Key: HIVE-26423
> URL: https://issues.apache.org/jira/browse/HIVE-26423
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: John Sherman
> Assignee: John Sherman
> Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> HIVE-26242 started using the commons-pool2 which is getting pulled in as a
> transitive dependency through commons-dbcp2 or calcite-core. It would be
> better to make it an explicit dependency to ensure it gets packaged properly
> and/or things do not suddenly break if the transitive dependencies change.

--
This message was sent by Atlassian Jira (v8.20.10#820010)

[jira] [Commented] (HIVE-26423) Make commons-pool2 an explicit dependency
[ https://issues.apache.org/jira/browse/HIVE-26423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17570207#comment-17570207 ]

John Sherman commented on HIVE-26423:
-------------------------------------

The patch makes the dependency version 2.11.1 -> the original version being transitively imported was 2.7.0. I went with the newest version since I saw no issues with it and to attempt to be safe from a CVE standpoint.

> Make commons-pool2 an explicit dependency
> -----------------------------------------
>
> Key: HIVE-26423
> URL: https://issues.apache.org/jira/browse/HIVE-26423
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Reporter: John Sherman
> Assignee: John Sherman
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> HIVE-26242 started using the commons-pool2 which is getting pulled in as a
> transitive dependency through commons-dbcp2 or calcite-core. It would be
> better to make it an explicit dependency to ensure it gets packaged properly
> and/or things do not suddenly break if the transitive dependencies change.
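
A check for the situation the issue describes, as an added example that is not part of the Jira thread or the Hive patch: it parses `mvn dependency:tree` output and reports whether commons-pool2 is declared directly or only inherited, and through which direct dependency. The tree text is constructed; the module name `org.example:hs2-module` and the `0.0.0-constructed` versions are placeholders, and only 2.7.0 and 2.11.1 come from the thread.

```python
import re

# Constructed `mvn dependency:tree` output. The module name and the
# 0.0.0-constructed versions are placeholders, not Hive's real tree.
TREE_BEFORE = r"""
[INFO] org.example:hs2-module:jar:0.0.0-constructed
[INFO] +- org.apache.commons:commons-dbcp2:jar:0.0.0-constructed:compile
[INFO] |  \- org.apache.commons:commons-pool2:jar:2.7.0:compile
[INFO] \- org.apache.calcite:calcite-core:jar:0.0.0-constructed:compile
"""
TREE_AFTER = r"""
[INFO] org.example:hs2-module:jar:0.0.0-constructed
[INFO] +- org.apache.commons:commons-pool2:jar:2.11.1:compile
[INFO] +- org.apache.commons:commons-dbcp2:jar:0.0.0-constructed:compile
[INFO] \- org.apache.calcite:calcite-core:jar:0.0.0-constructed:compile
"""

# Tree prefix is built from 3-character units: "+- ", "\- ", "|  ", "   ".
NODE = re.compile(r"^((?:[|+\\ ][ -] )*)([\w.\-]+(?::[\w.\-]+){3,5})$")


def parse_tree(text):
    """Return (depth, 'group:artifact', version, ancestors) for each node."""
    nodes, stack = [], []
    for raw in text.splitlines():
        m = NODE.match(re.sub(r"^\[INFO\] ?", "", raw))
        if not m:
            continue  # banner lines, blank lines, warnings
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        ga = f"{parts[0]}:{parts[1]}"
        # Root is group:artifact:type:version; children end with :scope.
        version = parts[-1] if depth == 0 else parts[-2]
        del stack[depth:]
        nodes.append((depth, ga, version, tuple(stack[1:])))
        stack.append(ga)
    return nodes


def audit(tree_text, artifact):
    """Report whether `artifact` is declared directly or only inherited."""
    hits = [n for n in parse_tree(tree_text) if n[1] == artifact]
    if not hits:
        return {"status": "absent", "versions": [], "via": []}
    direct = any(depth == 1 for depth, *_ in hits)
    return {
        "status": "direct" if direct else "transitive-only",
        "versions": sorted({v for _, _, v, _ in hits}),
        "via": sorted({path[0] for *_, path in hits if path}),
    }
```

A `transitive-only` result for a library the module's own code imports is the condition the issue asks to remove: the resolved version and the packaging then depend on whatever the listed `via` dependency ships.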