Apache Hive ​1.0.1 和 1.1.1两个版本同时发布，他们分别是基于Hive 1.0.0和Hive 1.1.0，这两个版本都同时修复可同一个Bug：LDAP授权provider的漏洞。如果用户在HiveServer2里面使用到LDAP授权模式（hive.server2.authentication=LDAP），并且LDAP使用简单地未认证模式，或者是匿名绑定(anonymous bind)，在这种情况下未得到合理授权的用户将得到认证（authenticated）！这很不安全。如果对安全要求比较高的人赶紧升级到这些版本。

如果想及时了解Spark、Hadoop或者Hbase相关的文章，欢迎关注微信公共帐号：iteblog_hadoop

完整的邮件列表内容：

The Apache Hive team is proud to announce the the release of Apache

Hive version
​1.0.1 and 1.1.1.

​These two versions are based on Hive 1.0.0, and Hive 1.1.0, respectively.

​They include a fix for a ​
​
​vulnerability issue about LDAP authentication provider

implementation. For more information, please refer to CVE-2015-1772.

The Apache Hive (TM) data warehouse software facilitates querying and
managing large datasets residing in distributed storage. Built on top
of Apache Hadoop (TM), it provides:

* Tools to enable easy data extract/transform/load (ETL)

* A mechanism to impose structure on a variety of data formats

* Access to files stored either directly in Apache HDFS (TM) or in
other data storage systems such as Apache HBase (TM)

* Query execution via Apache Hadoop MapReduce or Apache Tez frameworks
(and Apache Spark framework in Hive 1.1.1)

For Hive release details and downloads, please
visit:https://hive.apache.org/downloads.html

​Hive 1.0.1
Release Notes are available
here:https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329444&styleName=Text&projectId=12310843

​Hive​ 1.1.1 Release Note are available here:

https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329557&styleName=Text&projectId=12310843

这两个版本的Hive Release Notes如下：

[HIVE-10573] - Improve Hive service for connection

　　这个安全Bug在Apache Hive 1.2.0也修复了，详情可以参见《Apache Hive 1.2.0正式发布》