You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2022/01/30 14:30:40 UTC
[GitHub] [drill] kingswanwho opened a new pull request #2443: DRILL-8116: Upgrade Apache Xerces because of CVE-2022-23437
kingswanwho opened a new pull request #2443:
URL: https://github.com/apache/drill/pull/2443
# [DRILL-8116](https://issues.apache.org/jira/browse/DRILL-8116): Upgrade Apache Xerces because of CVE-2022-23437
## Description
Upgrade Apache Xerces because of CVE-2022-23437
## Documentation
please refer to https://github.com/advisories/GHSA-h65f-jvqw-m9fj
## Testing
Check dependency by "mvn dependency:tree" and all dependencies which related to Xerces have been upgraded to 2.12.2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [drill] jnturton merged pull request #2443: DRILL-8116: Upgrade Apache Xerces because of CVE-2022-23437
Posted by GitBox <gi...@apache.org>.
jnturton merged pull request #2443:
URL: https://github.com/apache/drill/pull/2443
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [drill] jnturton commented on pull request #2443: DRILL-8116: Upgrade Apache Xerces because of CVE-2022-23437
Posted by GitBox <gi...@apache.org>.
jnturton commented on pull request #2443:
URL: https://github.com/apache/drill/pull/2443#issuecomment-1025185654
Thanks for this PR. This Xerces update is already part of an open PR (#2432) that has run into other problems trying to update the vulnerable H2 DB lib. No harm in sending in this in early.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org