You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/10/14 11:50:00 UTC
[jira] [Commented] (DRILL-8334) upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies
[ https://issues.apache.org/jira/browse/DRILL-8334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17617660#comment-17617660 ]
ASF GitHub Bot commented on DRILL-8334:
---------------------------------------
pjfanning opened a new pull request, #2679:
URL: https://github.com/apache/drill/pull/2679
## Description
See https://issues.apache.org/jira/browse/DRILL-8334
## Documentation
(Please describe user-visible changes similar to what should appear in the Drill documentation.)
## Testing
(Please describe how this PR has been tested.)
> upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies
> ----------------------------------------------------------------------
>
> Key: DRILL-8334
> URL: https://issues.apache.org/jira/browse/DRILL-8334
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> [https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp]
> It's a fairly minot bump from 4.9.3 to 4.10.0
> okhttp 4.10.0 uses a newer copy of kotlin-stdlib that doesn't have CVEs
--
This message was sent by Atlassian Jira
(v8.20.10#820010)