You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/02/11 04:58:00 UTC

[jira] [Commented] (DRILL-8130) Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492

    [ https://issues.apache.org/jira/browse/DRILL-8130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490664#comment-17490664 ] 

ASF GitHub Bot commented on DRILL-8130:
---------------------------------------

jnturton opened a new pull request #2458:
URL: https://github.com/apache/drill/pull/2458


   # [DRILL-8130](https://issues.apache.org/jira/browse/DRILL-8130): Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492.
   
   ## Description
   
   In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
   
   ## Documentation
   N/A
   
   ## Testing
   Existing unit tests.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492
> ---------------------------------------------------
>
>                 Key: DRILL-8130
>                 URL: https://issues.apache.org/jira/browse/DRILL-8130
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: library
>    Affects Versions: 1.20.0
>            Reporter: James Turton
>            Assignee: James Turton
>            Priority: Blocker
>             Fix For: 1.20.0
>
>
> Upgrade Hadoop 2 to 2.10.1 because of CVE-2020-9492



--
This message was sent by Atlassian Jira
(v8.20.1#820001)