Skip to content

Any plan to update Derby from 10.16.1.1 to 10.17.1.0? #54563

@stayform

Description

@stayform

Hi team,
I have two quick questions regarding dependency upgrades:

1.Spark currently uses Derby 10.16.1.1, which has several known CVE security vulnerabilities. The latest version, 10.17.1.0, has already fixed these issues. Could you share if there are plans to upgrade Derby to 10.17.1.0 in a future release?

2.Are there any official plans to upgrade the built-in Hive dependency to version 4.2.0? I noticed there was a previous PR (#52099) that discussed upgrading Hive to 4.1.0 but has been inactive recently, so I’d like to check the current roadmap.

Looking forward to your feedback.Thanks for your hard work!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions