New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HIVE-26254: upgrade calcite to 1.26.0 due to CVE #3315
Conversation
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
The build results aren't available now, so couldn't check what broke due to this. |
@ayushtkn I can't recall the issue but I think it was non-trivial. I've started a CI build to get the results. |
Thanx @pjfanning But I think Guava issue will stay.... |
@ayushtkn I linked a couple of issues on https://issues.apache.org/jira/browse/HIVE-26254 relating to Guava upgrade. Would there be any stomach to try to upgrade guava? |
I think we need to upgrade guava for other reasons as well. May be it would be possible post HIVE-24484. As of today if you try upgrading guava it will give a bunch of failures due to conflict between current guava version of hadoop. HADOOP-16924 shades guava, so I think post moving to hadoop-3.3.1, upgrading guava should be possible |
FYI Calcite claims to support all Guava versions from 19.0 to 31.1-jre and there are regular CI tests for both ends:
thus I don't think upgrading Calcite would strictly require Guava upgrade. Apart from that, Calcite 1.31.0 will be out soon so it may be preferable to upgrade to that version directly. |
The link to the broken build does not work for me. https://ci.hive.apache.org/job/hive-precommit/job/PR-3315/1/display/redirect |
@ayushtkn |
@zabetak I saw that written in the POM of Calcite as well. May be we have to exclude the Guava coming from Calcite and then try with the latest version? |
Thanks for the pointer @ayushtkn. Indeed the failure is related to Guava and Calcite (most likely due to CALCITE-4259) but it shouldn't require a Guava upgrade. Probably there is a problem on the way Hive shades calcite in the ql module or something along these lines. |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Closed as https://issues.apache.org/jira/browse/HIVE-26254 has been superseded. |
What changes were proposed in this pull request?
Upgrade calcite version due to CVE - https://issues.apache.org/jira/browse/HIVE-26254
Why are the changes needed?
Does this PR introduce any user-facing change?
How was this patch tested?