Fixed in 2.0.1:
CVE-2018-8028: Sentry bypasses ALTER TABLE EXCHANGE PARTITIONS authorization on Apache Hive
Fixed in 1.7.1:
CVE-2015-3254: Apache Sentry vulnerabilities due to use of vulnerable version of Apache Thrift
Fixed in 1.7.0:
CVE-2016-0760 : Hive builtin functions “reflect”, “reflect2”, and “java_method” are not blocked in Apache Sentry