Any plan to update Derby from 10.16.1.1 to 10.17.1.0? #54563
Description
Hi team,
I have two quick questions regarding dependency upgrades:
1.Spark currently uses Derby 10.16.1.1, which has several known CVE security vulnerabilities. The latest version, 10.17.1.0, has already fixed these issues. Could you share if there are plans to upgrade Derby to 10.17.1.0 in a future release?
2.Are there any official plans to upgrade the built-in Hive dependency to version 4.2.0? I noticed there was a previous PR (#52099) that discussed upgrading Hive to 4.1.0 but has been inactive recently, so I’d like to check the current roadmap.
Looking forward to your feedback.Thanks for your hard work!