Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2022/01/30 14:30:40 UTC

[GitHub] [drill] kingswanwho opened a new pull request #2443: DRILL-8116: Upgrade Apache Xerces because of CVE-2022-23437

kingswanwho opened a new pull request #2443:
URL: https://github.com/apache/drill/pull/2443


   # [DRILL-8116](https://issues.apache.org/jira/browse/DRILL-8116): Upgrade Apache Xerces because of CVE-2022-23437
   
   ## Description
   
   Upgrade Apache Xerces because of CVE-2022-23437
   
   ## Documentation
   
   Please refer to https://github.com/advisories/GHSA-h65f-jvqw-m9fj
   
   ## Testing
   
   Check dependencies with "mvn dependency:tree"; all dependencies related to Xerces have been upgraded to 2.12.2
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [drill] jnturton merged pull request #2443: DRILL-8116: Upgrade Apache Xerces because of CVE-2022-23437

Posted by GitBox <gi...@apache.org>.
jnturton merged pull request #2443:
URL: https://github.com/apache/drill/pull/2443


   





[GitHub] [drill] jnturton commented on pull request #2443: DRILL-8116: Upgrade Apache Xerces because of CVE-2022-23437

Posted by GitBox <gi...@apache.org>.
jnturton commented on pull request #2443:
URL: https://github.com/apache/drill/pull/2443#issuecomment-1025185654


   Thanks for this PR.  This Xerces update is already part of an open PR (#2432) that has run into other problems trying to update the vulnerable H2 DB lib.  No harm in sending this in early.

