[
https://issues.apache.org/jira/browse/IMPALA-10060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17173398#comment-17173398
]
Tim Armstrong commented on IMPALA-10060:
----------------------------------------
[~krisden] we keep the build/test/contribution kinda info on cwiki -
https://cwiki.apache.org/confluence/display/IMPALA/Impala+Home.
If you were just bumping the postgres version one option is to make the change
and run the precommit job on the gerrit review -
https://cwiki.apache.org/confluence/display/IMPALA/Using+Gerrit+to+submit+and+review+patches#UsingGerrittosubmitandreviewpatches-Verifyingapatch(opentoallImpalacontributors).
Another thing that I'm thinking about is whether we should have this marked as
a test-only dependency. I believe we're only download this for use in our tests
(and for Ranger/HMS to use their backing databases).
> Postgres JDBC driver should be upgraded to 42.2.14
> --------------------------------------------------
>
> Key: IMPALA-10060
> URL: https://issues.apache.org/jira/browse/IMPALA-10060
> Project: IMPALA
> Issue Type: Task
> Reporter: Kevin Risden
> Priority: Major
>
> Impala currently uses Postgres driver version 42.2.8 which isn't up to date
> and has a CVE associated with it. It would be good to upgrade to 42.2.14
> which is the latest as of June 2020.
> https://mvnrepository.com/artifact/org.postgresql/postgresql
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
