[SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised

2018-04-04 Thread Daniel Dai
CVE-2018-1315: 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Hive 2.1.0 to 2.3.2 Description: When the 'COPY FROM FTP' statement is run using the HPL/SQL extension to

[SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files

2018-04-04 Thread Daniel Dai
CVE-2018-1284: Hive UDF series UDFXPath allow users to pass carefully crafted XML to access arbitrary files Severity: Important Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects all versions from 0.6.0 Description: A malicious user might use any xpath UDFs

[SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned

2018-04-04 Thread Daniel Dai
CVE-2018-1282: JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned Severity: Important Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects all versions of Hive JDBC driver from 0.7.1 Description: This

[ANNOUNCE] Apache Qpid Proton 0.22.0 released

2018-04-04 Thread Robbie Gemmell
The Apache Qpid (http://qpid.apache.org) community is pleased to announce the immediate availability of Apache Qpid Proton 0.22.0. Apache Qpid Proton is a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org). It can be used in a wide range