[JIRA] (PLUGIN-1294) Remove Hive Import/Export plugins from the CDAP Hub

14 views
Skip to first unread message

Robin Rielley (Jira)

unread,
Jun 14, 2022, 12:31:24 PM6/14/22
to cdap...@googlegroups.com
Robin Rielley created an issue
 
CDAP Plugins / Bug PLUGIN-1294
Remove Hive Import/Export plugins from the CDAP Hub
Issue Type: Bug Bug
Affects Versions: 6.6.0, 6.5.1, 6.7.0
Assignee: Amit Virmani
Attachments: Screen Shot 2022-06-14 at 9.26.18 AM.png
Components: actions
Created: 14/Jun/22 9:31 AM
Fix Versions: 6.7.1
Priority: Major Major
Reporter: Robin Rielley

Due to a security vulnerability in org.apache.hive:hive-jdbc (CVE-2018-1282 for SQL injection), we need to remove the Hive Import/Export plugins from the CDAP Hub and CDF Hub.
Add Comment Add Comment
 
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100200-sha1:68eb57f)
Atlassian logo

Ankit Jain (Jira)

unread,
Sep 21, 2022, 3:19:15 AM9/21/22
to cdap...@googlegroups.com
Ankit Jain commented on Bug PLUGIN-1294
 
Re: Remove Hive Import/Export plugins from the CDAP Hub

Had a discussion with Bhooshan Mogal , we have two action items if either one works we are good,

  • Deprecate both Hive Import and Export in 6.7.2. Add documentation to indicate:
    • Use Database Actions with the documented SQL command (insert update…)
    • That the plugins will be removed in 6.8.0
  • Test upgrade of hive-jdbc dependency to 3.1.3
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100207-sha1:a65942b)
Atlassian logo

Ankit Jain (Jira)

unread,
Sep 23, 2022, 5:53:36 AM9/23/22
to cdap...@googlegroups.com
Ankit Jain edited a comment on Bug PLUGIN-1294
Had a discussion with [~accountid:5ce6ec2c344d8f0e3fbab57e] , we have two action items if either one works we are good,

* Deprecate both Hive Import and Export in 6.7.2. Add documentation to indicate:
** Use Database Actions with the documented SQL command (insert update…)
** That the plugins will be removed in 6.8.0
* Test upgrade of hive-jdbc dependency to 2. 3.1.3
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100207-sha1:4756b15)
Atlassian logo

Ankit Jain (Jira)

unread,
Sep 24, 2022, 2:41:26 AM9/24/22
to cdap...@googlegroups.com

Upgraded the hive-jdbc dependency in hive-plugins to 2.3.3 - https://github.com/data-integrations/hive-plugins/pull/17

Ankit Jain (Jira)

unread,
Sep 24, 2022, 2:43:00 AM9/24/22
to cdap...@googlegroups.com

Hence, we don’t need to remove the plugin from hub and release a new minor version in 6.8.

Ankit Jain (Jira)

unread,
Sep 24, 2022, 2:44:03 AM9/24/22
to cdap...@googlegroups.com
Ankit Jain edited a comment on Bug PLUGIN-1294
Hence, we don’t need to remove the plugin from hub and release a new minor version i.e. {{1.9.0-1.1.0}} in {{ 6.8.x}}.
Reply all
Reply to author
Forward
0 new messages