Hi Jerin,

Can you please share the report and which vulnerabilities you are concerned with? TBH, a lot of these vulnerability scanners generate a lot of alerts that really aren't all that useful or relevant. For instance, we might use a library that has a vulnerability, but never actually use the part of the library where the vulnerability exists.

If there are real issues, I think the Drill developers will make a good faith effort to remediate them.

Best,
--C

> On Jan 28, 2025, at 19:25, Jerin Sharif <jsha...@gblsys.com> wrote:
>
> Hello, I found this email on your website encouraging users to post
> questions. I have a project that has been working with both Hadoop and Drill
> for a while. Recently we have done a Trivy
> (https://github.com/aquasecurity/trivy) scan and received a few positives on
> both of those services. My questions are - does Drill have any future plans
> for remediations for these vulnerabilities? If so, is there a date / version
> in mind for this resolved release? Do you know if Hadoop is currently working
> on something similar / a contact for Hadoop? My apologies if this information
> is already somewhere on your website - I can't seem to find anything in the
> FAQs and the issues page doesn't allow me to search without an Apache Jira
> account. Thanks!
>
> NOTICE: If you received this communication in error, please do not examine,
> review, print, copy, forward, disseminate, or otherwise use the information.
> Please immediately notify the sender and delete the copy received. The
> information contained in this communication is intended for the sole use of
> the named addressees/recipients to whom it is addressed.