[
https://issues.apache.org/jira/browse/DRILL-8531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18017480#comment-18017480
]
ASF GitHub Bot commented on DRILL-8531:
---------------------------------------
pjfanning commented on code in PR #3016:
URL: https://github.com/apache/drill/pull/3016#discussion_r2314126800
##########
contrib/storage-phoenix/pom.xml:
##########
@@ -313,98 +200,28 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <groupId>io.netty</groupId>
- <artifactId>netty</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.zaxxer</groupId>
- <artifactId>HikariCP-java7</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-csv</artifactId>
- </exclusion>
</exclusions>
</dependency>
+
+
</dependencies>
+
<build>
<plugins>
- <plugin>
- <artifactId>maven-resources-plugin</artifactId>
- <executions>
- <execution>
- <id>copy-java-sources</id>
- <phase>process-sources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
-
<outputDirectory>${basedir}/target/classes/org/apache/drill/exec/store/phoenix</outputDirectory>
- <resources>
- <resource>
-
<directory>src/main/java/org/apache/drill/exec/store/phoenix</directory>
- <filtering>true</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
- </executions>
- </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<skipTests>${skipTests}</skipTests>
- <forkCount combine.self="override">1</forkCount>
+ <forkCount>1</forkCount>
<reuseForks>false</reuseForks>
- <includes>
- <include>**/PhoenixTestSuite.class</include>
- <include>**/SecuredPhoenixTestSuite.class</include>
- </includes>
- <excludes>
- <exclude>**/*Test.java</exclude>
- </excludes>
- <argLine>-Xms2048m -Xmx2048m</argLine>
+ <argLine>
+ -Xms2048m -Xmx2048m
+ --add-opens=java.base/java.lang=ALL-UNNAMED
+ --add-opens=java.base/java.util=ALL-UNNAMED
+ </argLine>
</configuration>
</plugin>
</plugins>
</build>
- <profiles>
- <profile>
Review Comment:
Hadoop 2 users can simply use older Drill releases. If the care so little
about the old Hadoop version and its multiple insecure libs then why should
they care much about latest fixes in Drill?
> Update Various Libraries due to CVEs
> ------------------------------------
>
> Key: DRILL-8531
> URL: https://issues.apache.org/jira/browse/DRILL-8531
> Project: Apache Drill
> Issue Type: Task
> Components: Security
> Affects Versions: 1.22.0
> Reporter: Charles Givre
> Assignee: Charles Givre
> Priority: Major
> Fix For: 1.23.0
>
>
> This PR updates various libraries and eliminates various critical CVEs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
