Hi KIran, We are actively working on fixing CVE's and adding new features to Hive 3.x release chain. Please note that the next release which will address all these issues will not be 3.1.x. It will be 3.2.0.
JIRA for tracking progress - [HIVE-26748] Prepare for Hive 3.2.0 Release - ASF JIRA (apache.org)<https://issues.apache.org/jira/browse/HIVE-26748> Thanks, Aman. ________________________________ From: Naveen Gangam <[email protected]> Sent: Monday, June 5, 2023 11:27 PM To: Kiran Shridhar <[email protected]> Cc: Stamatis Zampetakis <[email protected]>; [email protected] <[email protected]> Subject: [EXTERNAL] Re: when to expect next apache hive-exec 3.1.x addressing security fixes? Hi Kiran, Aman Raj is managing a 3.x release with some of these CVEs addressed and rebasing some dependencies as well. Please reach out to him for tentative timelines. Thank you Naveen On Mon, Jun 5, 2023 at 6:39 AM Kiran Shridhar via security <[email protected]<mailto:[email protected]>> wrote: Thanks for the quick response. Posting it to the user mailing list to ask the same question. -Kiran On Mon, 5 Jun 2023 at 11:18, Stamatis Zampetakis <[email protected]<mailto:[email protected]>> wrote: [ External sender. Exercise caution. ] Hi Kiran, This list is not appropriate for asking questions. Please use user@ or dev@ for getting insights about the roadmap. Best, Stamatis On Mon, Jun 5, 2023 at 12:03 PM Kiran Shridhar via security <[email protected]<mailto:[email protected]>> wrote: > > Per https://mvnrepository.com/artifact/org.apache.hive/hive-exec/3.1.3, this > version suffers from several CVEs, some of which are critical. I see 4.0.0 is > actively addressing some of these. Should we expect these fixes backported to > 3.1.x branch? If so, any estimated timelines? > > Thanks, > -Kiran
