Upgrade Hive Dependency in Hive Import/Export plugins in CDAP Hub
Description
Release Notes
The Hive Bulk Export and Hive Bulk Import plugins (version 1.9.0-1.1.0) are available in the CDAP Hub versions 6.5.1, 6.6.0, and 6.7.1 with the following changes:
PLUGIN-1294: Upgraded the hive-jdbc dependency in hive-plugins to 2.3.3, which resolves a security vulnerability in org.apache.hive:hive-jdbc (CVE-2018-1282 for SQL injection).
Note: The Hive JDBC driver 2.3.3 is not backward compatible. You must upgrade your Hive Server to 2.3.3 to use the Hive Bulk Export and Hive Bulk Import plugins version 1.9.0-1.1.0. For more information, see Apache note for CVE-2018-1282.
Activity

Ankit Jain September 24, 2022 at 6:42 AM (edited)
Hence, we don’t need to remove the plugin from hub and release a new minor version i.e. 1.9.0-1.1.0 in 6.8.x.

Ankit Jain September 24, 2022 at 6:41 AM
Upgraded the hive-jdbc dependency in hive-plugins to 2.3.3

Ankit Jain September 21, 2022 at 7:19 AM (edited)
Had a discussion with , we have two action items if either one works we are good,
1. Deprecate both Hive Import and Export in 6.7.2. Add documentation to indicate:
   - Use Database Actions with the documented SQL command (insert update…)
   - That the plugins will be removed in 6.8.0
2. Test upgrade of hive-jdbc dependency to 2.3.3
Unresolved
Created June 14, 2022 at 4:31 PM
Updated October 4, 2022 at 8:49 PM
Due to a security vulnerability in org.apache.hive:hive-jdbc (CVE-2018-1282 for SQL injection), we need to remove the Hive Import/Export plugins from the CDAP Hub and CDF Hub.