[jira] [Commented] (HIVE-28041) Upgrade jetty to 9.4.53 due to CVE-2023-44487

Anmol Sundaram (Jira) Wed, 31 Jan 2024 19:04:04 -0800


    [ 
https://issues.apache.org/jira/browse/HIVE-28041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813019#comment-17813019
 ]


Anmol Sundaram commented on HIVE-28041:
---------------------------------------

Hive currently uses Apache DirServer 1.5.7, which is not compatible with Jetty 
9.4.53.

The Apache DirServer version compatible with this Jetty upgrade is 2.0.0.AM25+. 
Unfortunately, the tests failing upon using Apache DirServer 2.0.0.AM25 is 
genuine and caused by what seems to be a change in behaviour. Lodged a Jira to 
DirServer here - 
[DIRSERVER-2386|https://issues.apache.org/jira/browse/DIRSERVER-2386]

> Upgrade jetty to 9.4.53 due to CVE-2023-44487
> ---------------------------------------------
>
>                 Key: HIVE-28041
>                 URL: https://issues.apache.org/jira/browse/HIVE-28041
>             Project: Hive
>          Issue Type: Task
>          Components: Hive
>            Reporter: Anmol Sundaram
>            Priority: Major
>              Labels: pull-request-available
>
> At the time of raising this, Hadoop also uses Jetty 9.4.53
> Ref - https://github.com/apache/hadoop/blob/trunk/hadoop-project/pom.xml#L40



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (HIVE-28041) Upgrade jetty to 9.4.53 due to CVE-2023-44487

Reply via email to