Skip to content

Security: apache/hive

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report suspected security vulnerabilities in Apache Hive privately to the Hive security list at security@hive.apache.org, following the Apache Software Foundation security process. Do not open public GitHub issues or pull requests for security reports — a private report lets the issue be investigated and fixed before disclosure.

Threat Model

A threat model for Apache Hive is maintained in THREAT_MODEL.md. It describes the trust boundaries (the HiveServer2 SQL front door, the Metastore, the query/UDF execution layer), the adversaries in and out of scope, the security properties Hive upholds given its deployment assumptions versus those left to the operator (transport security, authorization-model choice, network isolation, UDF vetting), and the recurring non-findings. Triagers of scanner, fuzzer, or AI-generated findings should route each through THREAT_MODEL.md §13.

This file is v0 and carries open questions for the Hive PMC in THREAT_MODEL.md §14.

There aren't any published security advisories