[jira] [Commented] (DRILL-8521) Change session cookie name to avoid conflicts

Wed, 30 Apr 2025 05:45:07 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-8521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17948462#comment-17948462
 ] 

ASF GitHub Bot commented on DRILL-8521:
---------------------------------------

rymarm opened a new pull request, #2986:
URL: https://github.com/apache/drill/pull/2986

   # [DRILL-8521](https://issues.apache.org/jira/browse/DRILL-8521): Upgrade 
parquet-avro to 1.15.1, avro to 1.12.0
   
   
   ## Description
   
   Update parquet libraries to the latest version due to CVE-2025-30065. Along 
with it, upgrade `avro` and `parquet-format` to the latest versions:
   * parquet libraries from `1.12.3` to `1.15.1`
   * avro libraries from `1.11.4` to `1.12.0`
   * parquet-format from `2.9.0` to `2.11.0`
   
   This PR also resolves 
[DRILL-7906](https://issues.apache.org/jira/browse/DRILL-7906). I believe we 
can finally return to using the original `ColumnChunkPageWriteStore` class, as 
the writer now uses the allocator instead of the heap following this change: 
https://github.com/apache/parquet-java/pull/1278.
   
   Our custom implementation of 
`ColumnChunkPageWriteStore`(`ParquetColumnChunkPageWriteStore`) is slightly 
different, but the updated Parquet version should now be sufficient for our 
needs.
   
   `ParquetFileWriter.java` is a full copy of the original Parquet 
implementation, with only minor modifications - specifically, the lines that 
throw an exception on empty Parquet files have been commented out. 
   This kludge is necessary to allow Drill to create empty Parquet files with 
metadata. For more details, see:
   https://github.com/apache/parquet-java/pull/852#discussion_r611094854
   https://issues.apache.org/jira/browse/PARQUET-2026
   
   
   ## Documentation
   No user-facing changes.
   
   ## Testing
   Unit tests 
   




> Change session cookie name to avoid conflicts
> ---------------------------------------------
>
>                 Key: DRILL-8521
>                 URL: https://issues.apache.org/jira/browse/DRILL-8521
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.21.2
>            Reporter: Maksym Rymar
>            Assignee: Maksym Rymar
>            Priority: Major
>             Fix For: 1.22.0
>
>
> Drill uses Jetty's default cookie name, {{{}JSESSIONID{}}}, to store the user 
> session ID.
>  
> Because {{JSESSIONID}} is a generic name, multiple web services running on 
> the same host can conflict if they use the same cookie name.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to