You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2021/06/14 16:25:57 UTC
[GitHub] [drill] ssainz opened a new issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1
ssainz opened a new issue #2260:
URL: https://github.com/apache/drill/issues/2260
**Describe the bug**
CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1
**To Reproduce**
Please check vulnerability section in :
(https://github.com/google/guava/issues/4011)[https://github.com/google/guava/issues/4011]
**Expected behavior**
Upgrading to v30.1.1 will mitigate this vulnerability.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Desktop (please complete the following information):**
- OS: all
- Browser all
- Version all
**Smartphone (please complete the following information):**
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
**Additional context**
Add any other context about the problem here.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [drill] ssainz commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1
Posted by GitBox <gi...@apache.org>.
ssainz commented on issue #2260:
URL: https://github.com/apache/drill/issues/2260#issuecomment-864019172
Hello there @luocooong , @cgivre - defect not fixed. Please check this line:
https://github.com/vdiravka/drill/blob/master/pom.xml#L49
shared guava still refers to guava 28.2 , thus, CVE-2020-8908 remains in Drill 1.19.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [drill] cgivre commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1
Posted by GitBox <gi...@apache.org>.
cgivre commented on issue #2260:
URL: https://github.com/apache/drill/issues/2260#issuecomment-863483191
Unless there is any objection, I'm going to close this as it should be resolved in Drill 1.19.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [drill] ssainz edited a comment on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1
Posted by GitBox <gi...@apache.org>.
ssainz edited a comment on issue #2260:
URL: https://github.com/apache/drill/issues/2260#issuecomment-864019172
Hello there @luocooong , @cgivre - defect not fixed. Please check this line:
https://github.com/apache/drill/blob/master/pom.xml#L49
shared guava still refers to guava 28.2 , thus, CVE-2020-8908 remains in Drill 1.19.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [drill] luocooong commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1
Posted by GitBox <gi...@apache.org>.
luocooong commented on issue #2260:
URL: https://github.com/apache/drill/issues/2260#issuecomment-864392221
@ssainz YES. Thanks for the reminder. @vdiravka has already started the process of updating Drill shaded Guava.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org