You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Rymar Maksym (Jira)" <ji...@apache.org> on 2021/05/18 11:18:00 UTC
[jira] [Resolved] (DRILL-7790) Build Drill with Netty version
4.1.50.Final
[ https://issues.apache.org/jira/browse/DRILL-7790?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rymar Maksym resolved DRILL-7790.
---------------------------------
Fix Version/s: 1.19.0
Resolution: Fixed
> Build Drill with Netty version 4.1.50.Final
> -------------------------------------------
>
> Key: DRILL-7790
> URL: https://issues.apache.org/jira/browse/DRILL-7790
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.17.0
> Reporter: alka kumari
> Assignee: Rymar Maksym
> Priority: Major
> Fix For: 1.19.0
>
>
> Hi,
>
> In apache Drill Client 1.17, Netty version 4.0.48.Final is being used and it suffers from vulnerability (CVE-2019-16869):
> https://www.cvedetails.com/cve/CVE-2019-16869/
> https://snyk.io/vuln/maven:io.netty%3Anetty-all
>
> This has been fixed in the latest netty (4.1.50.Final).
>
> We want to build a drill with the latest Netty version that is free from any vulnerabilities.
>
> As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the code accordingly.
>
> I noticed that after trying to upgrade the dependency, I was unable to connect with SSL enabled.
>
> ERROR:
> Connecting to the server timed out. This is sometimes due to a mismatch in the SSL configuration between client and server. [ Exception: Waited 10000 milliseconds for org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]].
>
>
> I have created a pull request containing the changes which I have tried to make.
>
> Could someone please advise further on what needs to be changed?
>
> Regards,
> Alka
--
This message was sent by Atlassian Jira
(v8.3.4#803005)