advancedxy commented on PR #2693: URL: https://github.com/apache/uniffle/pull/2693#issuecomment-3625626670
> Maintainer here, it is not necessary to move to safeInstance if you apply the patch. The workaround in the CVE is only necessary if you cannot upgrade for some reason. Thanks for the heads up. The initial modifications are made to make sure that we can still work around the issue if there are other concerns about the lz4 upgrade. Since it's already merged and we are planning to upgrade to the latest version, I think we can revert the change or kept it as it is. > tks @advancedxy merged Thanks. > we will upgrade the latest version in the next week. We may need to release a new version with current lz4 version first? Otherwise, downstream users will have to deal with potential two versions of lz4 in their class path. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
