[ https://issues.apache.org/jira/browse/HIVE-28065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on HIVE-28065 started by Araika Singh. ------------------------------------------- > Upgrade Bouncy castle to bcprov-jdk18on 1.77 > -------------------------------------------- > > Key: HIVE-28065 > URL: https://issues.apache.org/jira/browse/HIVE-28065 > Project: Hive > Issue Type: Bug > Reporter: Araika Singh > Assignee: Araika Singh > Priority: Major > Labels: pull-request-available > > For Bouncy Castle for java before 1.74(excluding), it was discovered that > there was a potential LDAP injection. During the certificate validation > process, bouncycastle used the certificate's "Subject Name" into an LDAP > search filter without any escaping. > https://nvd.nist.gov/vuln/detail/CVE-2023-33201 -- This message was sent by Atlassian Jira (v8.20.10#820010)