[jira] [Commented] (DRILL-7790) Build Drill with Netty version 4.1.50.Final

Fri, 25 Sep 2020 04:10:08 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-7790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17202063#comment-17202063
 ] 

ASF GitHub Bot commented on DRILL-7790:
---------------------------------------

alkakumari42 opened a new pull request #2105:
URL: https://github.com/apache/drill/pull/2105


   [DRILL-7790](https://issues.apache.org/jira/browse/DRILL-7790): Build Drill 
with Netty version 4.1.50.Final
   
   (Please replace `PR Title` with actual PR Title)
   
   Updated Netty version to 4.1.50.Final and have modified the code accordingly 
   (Please describe the change. If more than one ticket is fixed, include a 
reference to those tickets.)
   
   ## Documentation
   (Please describe user-visible changes similar to what should appear in the 
Drill documentation.)
   
   ## Testing
   (Please describe how this PR has been tested.)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> Build Drill with Netty version 4.1.50.Final
> -------------------------------------------
>
>                 Key: DRILL-7790
>                 URL: https://issues.apache.org/jira/browse/DRILL-7790
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.17.0
>            Reporter: alka kumari
>            Priority: Major
>
> Hi,
>  
> In apache Drill Client 1.17, Netty version 4.0.48.Final is being used and it 
> suffers from vulnerability (CVE-2019-16869):
>  https://www.cvedetails.com/cve/CVE-2019-16869/
>  https://snyk.io/vuln/maven:io.netty%3Anetty-all
>  
> This has been fixed in the latest netty (4.1.50.Final).
>  
> We want to build a drill with the latest Netty version that is free from any 
> vulnerabilities. 
>  
> As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the 
> code accordingly. 
>  
> I noticed that after trying to upgrade the dependency, I was unable to 
> connect with SSL enabled.
>   
>  ERROR:
>  Connecting to the server timed out. This is sometimes due to a mismatch in 
> the SSL configuration between client and server. [ Exception: Waited 10000 
> milliseconds for 
> org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]].
>   
>  
> I have created a pull request containing the changes which I have tried to 
> make.
>  
> Could someone please advise further on what needs to be changed?
>  
> Regards,
>  Alka



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to