You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Sander (Jira)" <ji...@apache.org> on 2022/10/31 20:03:00 UTC
[jira] [Created] (IGNITE-18034) Address CVE-2022-39135 by upgrading calcite-core to 1.32.0
Sander created IGNITE-18034:
-------------------------------
Summary: Address CVE-2022-39135 by upgrading calcite-core to 1.32.0
Key: IGNITE-18034
URL: https://issues.apache.org/jira/browse/IGNITE-18034
Project: Ignite
Issue Type: Bug
Components: ignite-3
Affects Versions: 2.14
Reporter: Sander
Hello,
We have recently upgraded to ignite version 2.14.0 to take advantage of the new calcite SQL engine. However there is a critical vulnerability with the current version of calcite-core 1.30.0.
Calcite-core version 1.30.0 has a critical vulnerability
[https://nvd.nist.gov/vuln/detail/CVE-2022-39135]
This vulnerability is resolved in calcite-core version 1.32.0. However if we force this package in our build. There are issues running sql queries against ignite with the error:
```
java.lang.AbstractMethodError: org.apache.calcite.sql.parser.SqlAbstractParserImpl.setTimeUnitCodes(Ljava/util/Map;)V
at org.apache.calcite.sql.parser.SqlParser.<init>(SqlParser.java:73) ~[calcite-core-1.32.0.jar:1.32.0]
at org.apache.calcite.sql.parser.SqlParser.create(SqlParser.java:126) ~[calcite-core-1.32.0.jar:1.32.0]
at org.apache.ignite.internal.processors.query.calcite.util.Commons.parse(Commons.java:220) ~[ignite-calcite-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.calcite.util.Commons.parse(Commons.java:204) ~[ignite-calcite-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.calcite.CalciteQueryProcessor.query(CalciteQueryProcessor.java:345) ~[ignite-calcite-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor$2.applyx(GridQueryProcessor.java:3092) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor$2.applyx(GridQueryProcessor.java:3074) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.util.lang.IgniteOutClosureX.apply(IgniteOutClosureX.java:36) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor.executeQuery(GridQueryProcessor.java:3751) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor.lambda$querySqlFields$3(GridQueryProcessor.java:3118) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor.executeQuerySafe(GridQueryProcessor.java:3190) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor.querySqlFields(GridQueryProcessor.java:3070) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.query.GridQueryProcessor.querySqlFields(GridQueryProcessor.java:3024) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.querySqlFields(JdbcRequestHandler.java:773) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.executeQuery(JdbcRequestHandler.java:641) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.doHandle(JdbcRequestHandler.java:311) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.odbc.jdbc.JdbcRequestHandler.handle(JdbcRequestHandler.java:251) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:204) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:55) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125) ~[ignite-core-2.14.0.jar:2.14.0]
at org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70) [ignite-core-2.14.0.jar:2.14.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_301]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_301]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_301]```
--
This message was sent by Atlassian Jira
(v8.20.10#820010)