Skip to content

Fix CVE: Cloudera Hive #3135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 4, 2025
Merged

Fix CVE: Cloudera Hive #3135

merged 1 commit into from
Dec 4, 2025
+34 −33

Conversation

@Trianz-Akshay
Copy link
Contributor

@Trianz-Akshay Trianz-Akshay commented Dec 2, 2025

Issue #, if available:

Description of changes:
Addressed below CVEs:

CVE-2023-44981: Apache ZooKeeper vulnerability allowing unauthorized endpoints to join a cluster when SASL Quorum Peer authentication is enabled.
CVE-2024-23944: Apache ZooKeeper information disclosure vulnerability in persistent watchers due to missing ACL check.

Changes:

  • Added maven-shade-plugin filters to exclude vulnerable ZooKeeper 3.7.0 classes and metadata embedded in HiveJDBC42 artifact
  • Configured ServicesResourceTransformer and ManifestResourceTransformer to properly merge resources in shaded JAR

Affected connector:
Cloudera Hive

Please find attached functional test documents.
Cloudera-Hive cve fix.docx
CLOUDERAHIVE_FUNCTIONAL_TEST.xlsx

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Dec 2, 2025

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

1 similar comment
@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Dec 2, 2025

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Dec 2, 2025

✅ I finished the code review, and didn't find any security or code quality issues.

1 similar comment
@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Dec 2, 2025

✅ I finished the code review, and didn't find any security or code quality issues.

@codecov
Copy link

codecov bot commented Dec 2, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.28%. Comparing base (fe0a5d9) to head (cb63f57).
⚠️ Report is 101 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #3135      +/-   ##
============================================
+ Coverage     63.67%   68.28%   +4.61%     
- Complexity     4344     5000     +656     
============================================
  Files           621      636      +15     
  Lines         23286    24157     +871     
  Branches       2859     2997     +138     
============================================
+ Hits          14827    16496    +1669     
+ Misses         7070     6220     -850     
- Partials       1389     1441      +52

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@AbdulR3hman AbdulR3hman enabled auto-merge (squash) December 4, 2025 03:57
@AbdulR3hman AbdulR3hman force-pushed the cve_fix_cloudera_hive branch from 656ee43 to cb63f57 Compare December 4, 2025 03:58
@AbdulR3hman AbdulR3hman merged commit 01db126 into awslabs:master Dec 4, 2025
5 checks passed
github-actions bot pushed a commit to Jithendar12/aws-athena-query-federation that referenced this pull request Dec 5, 2025
Cut release 2025.48.2
c7852a3 
  - Update runner to ubuntu-latest
  - Add exec-maven-plugin for build configuration verification
  - Update GitHub Actions workflows to build with Java 11 and 17
  - build(deps): bump actions/checkout from 5 to 6 (awslabs#3110)
  - build(deps): bump aws-sdk-v2.version from 2.35.8 to 2.39.2 (awslabs#3111)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.5 to 9.2.1 (awslabs#3118)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.115.0 to 1.119.0 (awslabs#3117)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.35.8 to 2.39.2 (awslabs#3116)
  - build(deps): bump gremlinDriverVersion from 3.7.4 to 3.8.0 (awslabs#3114)
  - build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.5.1 (awslabs#3115)
  - Fix CVE: Cloudera Hive (awslabs#3135)
  - BigQuery CVE issues fix. (awslabs#3132)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AbdulR3hman AbdulR3hman AbdulR3hman approved these changes

@ejeffrli ejeffrli ejeffrli approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Trianz-Akshay @AbdulR3hman @ejeffrli