[jira] [Updated] (IGNITE-18034) Address CVE-2022-39135 by upgrading calcite-core to 1.32.0

Tue, 01 Nov 2022 05:28:15 -0700 


     [ 
https://issues.apache.org/jira/browse/IGNITE-18034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vyacheslav Koptilin updated IGNITE-18034:
-----------------------------------------
    Component/s:     (was: ignite-3)

> Address CVE-2022-39135 by upgrading calcite-core to 1.32.0
> ----------------------------------------------------------
>
>                 Key: IGNITE-18034
>                 URL: https://issues.apache.org/jira/browse/IGNITE-18034
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.14
>            Reporter: Sander
>            Priority: Major
>
> Hello,
> We have recently upgraded to ignite version 2.14.0 to take advantage of the 
> new calcite SQL engine. However there is a critical vulnerability with the 
> current version of calcite-core 1.30.0.
> Calcite-core version 1.30.0 has a critical vulnerability
> [https://nvd.nist.gov/vuln/detail/CVE-2022-39135]
> This vulnerability is resolved in calcite-core version 1.32.0. However if we 
> force this package in our build. There are issues running sql queries against 
> ignite with the error:
> ```
> java.lang.AbstractMethodError: 
> org.apache.calcite.sql.parser.SqlAbstractParserImpl.setTimeUnitCodes(Ljava/util/Map;)V
>     at org.apache.calcite.sql.parser.SqlParser.<init>(SqlParser.java:73) 
> ~[calcite-core-1.32.0.jar:1.32.0]
>     at org.apache.calcite.sql.parser.SqlParser.create(SqlParser.java:126) 
> ~[calcite-core-1.32.0.jar:1.32.0]
>     at 
> org.apache.ignite.internal.processors.query.calcite.util.Commons.parse(Commons.java:220)
>  ~[ignite-calcite-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.calcite.util.Commons.parse(Commons.java:204)
>  ~[ignite-calcite-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.calcite.CalciteQueryProcessor.query(CalciteQueryProcessor.java:345)
>  ~[ignite-calcite-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor$2.applyx(GridQueryProcessor.java:3092)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor$2.applyx(GridQueryProcessor.java:3074)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.util.lang.IgniteOutClosureX.apply(IgniteOutClosureX.java:36)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor.executeQuery(GridQueryProcessor.java:3751)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor.lambda$querySqlFields$3(GridQueryProcessor.java:3118)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor.executeQuerySafe(GridQueryProcessor.java:3190)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor.querySqlFields(GridQueryProcessor.java:3070)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.query.GridQueryProcessor.querySqlFields(GridQueryProcessor.java:3024)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.querySqlFields(JdbcRequestHandler.java:773)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.executeQuery(JdbcRequestHandler.java:641)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.doHandle(JdbcRequestHandler.java:311)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.handle(JdbcRequestHandler.java:251)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:204)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:55)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
>  ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125) 
> ~[ignite-core-2.14.0.jar:2.14.0]
>     at 
> org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
>  [ignite-core-2.14.0.jar:2.14.0]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
> [na:1.8.0_301]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
> [na:1.8.0_301]
>     at java.lang.Thread.run(Unknown Source) [na:1.8.0_301]```



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to