You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/10/14 11:50:00 UTC

[jira] [Commented] (DRILL-8334) upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies

    [ https://issues.apache.org/jira/browse/DRILL-8334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17617660#comment-17617660 ] 

ASF GitHub Bot commented on DRILL-8334:
---------------------------------------

pjfanning opened a new pull request, #2679:
URL: https://github.com/apache/drill/pull/2679

   ## Description
   
   See https://issues.apache.org/jira/browse/DRILL-8334
   
   ## Documentation
   (Please describe user-visible changes similar to what should appear in the Drill documentation.)
   
   ## Testing
   (Please describe how this PR has been tested.)
   




> upgrade to okhttp 4.10.0 due to CVEs in kotlin transitive dependencies
> ----------------------------------------------------------------------
>
>                 Key: DRILL-8334
>                 URL: https://issues.apache.org/jira/browse/DRILL-8334
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> [https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp]
> It's a fairly minot bump from 4.9.3 to 4.10.0
> okhttp 4.10.0 uses a newer copy of kotlin-stdlib that doesn't have CVEs



--
This message was sent by Atlassian Jira
(v8.20.10#820010)