[jira] [Commented] (DRILL-7994) Dependency version updates for severe vulnerabilities

ASF GitHub Bot (Jira) Fri, 28 Jan 2022 05:01:52 -0800


    [ 
https://issues.apache.org/jira/browse/DRILL-7994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17483760#comment-17483760
 ]


ASF GitHub Bot commented on DRILL-7994:
---------------------------------------

cgivre commented on a change in pull request #2432:
URL: https://github.com/apache/drill/pull/2432#discussion_r794482944



##########
File path: distribution/pom.xml
##########
@@ -199,28 +199,30 @@
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-tcnative</artifactId>
-      <version>2.0.1.Final</version>
+      <version>2.0.47.Final</version>
       <classifier>linux-x86_64</classifier>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-tcnative</artifactId>
-      <version>2.0.1.Final</version>
+      <version>2.0.47.Final</version>
       <classifier>linux-x86_64-fedora</classifier>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-tcnative</artifactId>
-      <version>2.0.1.Final</version>
+      <version>2.0.47.Final</version>
       <classifier>osx-x86_64</classifier>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-tcnative</artifactId>
-      <version>2.0.1.Final</version>
+      <!-- bump warning: windows-x86_64 jars apparently stopped being published
+      after 2.0.36, see 
https://repo1.maven.org/maven2/io/netty/netty-tcnative/ -->
+      <version>2.0.36.Final</version>

Review comment:
       Does this mean that Drill will not work on Windows?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


> Dependency version updates for severe vulnerabilities
> -----------------------------------------------------
>
>                 Key: DRILL-7994
>                 URL: https://issues.apache.org/jira/browse/DRILL-7994
>             Project: Apache Drill
>          Issue Type: Task
>          Components: Security
>    Affects Versions: 1.19.0
>            Reporter: Charles Givre
>            Assignee: James Turton
>            Priority: Major
>             Fix For: 1.20.0
>
>         Attachments: dependency-check-report.html
>
>
> Dependency updates based on severe vulnerabilities reported by the OWASP 
> dependency check.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (DRILL-7994) Dependency version updates for severe vulnerabilities

Reply via email to