Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2022/02/11 04:57:04 UTC

[GitHub] [drill] jnturton opened a new pull request #2458: DRILL-8130: Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492

jnturton opened a new pull request #2458:
URL: https://github.com/apache/drill/pull/2458


   # [DRILL-8130](https://issues.apache.org/jira/browse/DRILL-8130): Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492.
   
   ## Description
   
   In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
   
   ## Documentation
   N/A
   
   ## Testing
   Existing unit tests.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
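
A dependency check for the version ranges named in the description above, as an added example that is not part of the original thread or the Drill project's code: it reads `mvn dependency:tree` output and flags `org.apache.hadoop` artifacts whose version falls in an affected range. The function names and the sample output are constructed for illustration.

```python
import re

# Affected ranges as stated in the PR description (bounds inclusive).
AFFECTED = [("2.0.0-alpha", "2.10.0"), ("3.0.0-alpha1", "3.1.3"), ("3.2.0", "3.2.1")]

def version_key(v):
    """Sort key for Hadoop versions; a pre-release (3.0.0-alpha1) sorts before its release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)(\d*))?", v)
    if not m:
        raise ValueError(f"unrecognised version: {v}")
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4) is None:
        return nums + (1, "", 0)  # final release
    return nums + (0, m.group(4).lower(), int(m.group(5) or 0))

def is_affected(v):
    k = version_key(v)
    return any(version_key(lo) <= k <= version_key(hi) for lo, hi in AFFECTED)

# Hadoop coordinates in dependency:tree lines: group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"(org\.apache\.hadoop):([\w.-]+):[\w.-]+(?::[\w.-]+)?:(\d[\w.-]*):(\w+)\s*$")

def scan(tree_output):
    """Return sorted (artifact, version, status) tuples for each Hadoop coordinate found."""
    found = set()
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        artifact, version = m.group(2), m.group(3)
        try:
            status = "affected" if is_affected(version) else "ok"
        except ValueError:
            status = "review"  # vendor or unusual version string: check by hand
        found.add((artifact, version, status))
    return sorted(found)

# Constructed sample, not output from the Drill build.
SAMPLE = """\
[INFO] +- org.apache.hadoop:hadoop-common:jar:2.9.2:compile
[INFO] |  \\- org.apache.hadoop:hadoop-auth:jar:2.9.2:compile
[INFO] +- org.apache.hadoop:hadoop-hdfs:jar:tests:2.10.1:test
[INFO] +- org.apache.hadoop:hadoop-client:jar:3.0.0-alpha1:compile
[INFO] \\- com.example:hadoop-shim:jar:2.9.2:compile
"""

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{status:8} {artifact}:{version}")
```

Transitive Hadoop artifacts pulled in by other dependencies show up in the tree as well, which is where a stale version is most likely to survive a property bump.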



[GitHub] [drill] luocooong commented on a change in pull request #2458: DRILL-8130: Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492

Posted by GitBox <gi...@apache.org>.
luocooong commented on a change in pull request #2458:
URL: https://github.com/apache/drill/pull/2458#discussion_r804370741



##########
File path: pom.xml
##########
@@ -4035,7 +4035,7 @@
         </property>
       </activation>
       <properties>
-        <hadoop.version>2.9.2</hadoop.version>
+        <hadoop.version>2.10.1</hadoop.version>
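
Review bot: `hadoop.version` is set here inside a profile's `<properties>` block (directly after `</activation>`), so the bump only takes effect when that profile is active and a default build will not exercise it. Please build once with the profile enabled and confirm the resolved Hadoop artifacts are at 2.10.1 before merging.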

Review comment:
       In general, updating a minor version number [major > minor > patch] does not result in compatibility, we just need to compile it successfully locally.
   ```
   mvn clean install -DskipTests -Phadoop-2
   ```







[GitHub] [drill] jnturton commented on a change in pull request #2458: DRILL-8130: Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492

Posted by GitBox <gi...@apache.org>.
jnturton commented on a change in pull request #2458:
URL: https://github.com/apache/drill/pull/2458#discussion_r804378416



##########
File path: pom.xml
##########
@@ -4035,7 +4035,7 @@
         </property>
       </activation>
       <properties>
-        <hadoop.version>2.9.2</hadoop.version>
+        <hadoop.version>2.10.1</hadoop.version>
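
Review bot: nothing at the `<hadoop.version>2.10.1</hadoop.version>` line records why this version was chosen, so a later edit could move it back to 2.9.2 without anyone noticing. Consider an XML comment above the property naming CVE-2020-9492 as the reason 2.10.1 is the minimum for this profile.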

Review comment:
       Great catch, thank you @luocooong. I'd forgotten that the CI does not check this build profile and there is indeed a small JDBC jar size enforcer failure. Fixing...







[GitHub] [drill] jnturton merged pull request #2458: DRILL-8130: Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492

Posted by GitBox <gi...@apache.org>.
jnturton merged pull request #2458:
URL: https://github.com/apache/drill/pull/2458


   

