Cong Luo created DRILL-7981:
-------------------------------
Summary: Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090
Key: DRILL-7981
URL: https://issues.apache.org/jira/browse/DRILL-7981
Project: Apache Drill
Issue Type: Improvement
Reporter: Cong Luo
Assignee: Cong Luo
Fix For: 1.20.0

When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
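One way to confirm the bump actually took effect across a build, as an added example that is not part of the issue or of Apache Drill's code: it scans the text output of `mvn dependency:tree` for any resolved `commons-compress` older than 1.21. The sample tree and its `com.example` module names are constructed for illustration.

```python
import re

ARTIFACT = "org.apache.commons:commons-compress"
FIXED = (1, 21)  # target version named in the issue summary

# One resolved coordinate as printed by `mvn dependency:tree`:
#   group:artifact:type[:classifier]:version:scope
COORD = re.compile(
    r"([\w.\-]+:[\w.\-]+):[\w\-]+(?::[\w.\-]+)?:([\w.\-]+)"
    r":(compile|runtime|test|provided|system)\b"
)

def parse_version(text):
    """Turn '1.20' or '1.21.0-SNAPSHOT' into a comparable tuple of ints."""
    nums = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in nums.group().split(".")) if nums else ()

def find_vulnerable(tree_output):
    """Return (version, line) for each commons-compress entry older than 1.21.

    A version with no leading number parses to () and is reported too,
    so unknown versions are reviewed rather than silently passed.
    """
    hits = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if m and m.group(1) == ARTIFACT and parse_version(m.group(2)) < FIXED:
            hits.append((m.group(2), line.strip()))
    return hits

# Constructed sample output covering two hypothetical modules.
SAMPLE_TREE = r"""[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.apache.commons:commons-compress:jar:1.20:compile
[INFO] \- org.apache.commons:commons-lang3:jar:3.10:test
[INFO] com.example:archive-utils:jar:2.3
[INFO] +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.59.Final:compile
[INFO] \- org.apache.commons:commons-compress:jar:1.21:compile
"""

if __name__ == "__main__":
    for version, line in find_vulnerable(SAMPLE_TREE):
        print(f"commons-compress {version} is below 1.21: {line}")
```

Transitive dependencies can pull in an older copy even after the direct dependency is bumped, which is why the check runs over the resolved tree rather than the POM.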