You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/04/02 09:10:00 UTC

[jira] [Commented] (DRILL-7790) Build Drill with Netty version 4.1.50.Final

    [ https://issues.apache.org/jira/browse/DRILL-7790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17313726#comment-17313726 ] 

ASF GitHub Bot commented on DRILL-7790:
---------------------------------------

vdiravka commented on pull request #2185:
URL: https://github.com/apache/drill/pull/2185#issuecomment-812444074


   > @luocooong Hi. It wasn't tested in a real world in distributed mode. Only with a single drillbit.
   @rymarm Possibly we may want regression test cluster to test all PR on the distributed Drill cluster
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Build Drill with Netty version 4.1.50.Final
> -------------------------------------------
>
>                 Key: DRILL-7790
>                 URL: https://issues.apache.org/jira/browse/DRILL-7790
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.17.0
>            Reporter: alka kumari
>            Assignee: Rymar Maksym
>            Priority: Major
>
> Hi,
>  
> In apache Drill Client 1.17, Netty version 4.0.48.Final is being used and it suffers from vulnerability (CVE-2019-16869):
>  https://www.cvedetails.com/cve/CVE-2019-16869/
>  https://snyk.io/vuln/maven:io.netty%3Anetty-all
>  
> This has been fixed in the latest netty (4.1.50.Final).
>  
> We want to build a drill with the latest Netty version that is free from any vulnerabilities. 
>  
> As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the code accordingly. 
>  
> I noticed that after trying to upgrade the dependency, I was unable to connect with SSL enabled.
>   
>  ERROR:
>  Connecting to the server timed out. This is sometimes due to a mismatch in the SSL configuration between client and server. [ Exception: Waited 10000 milliseconds for org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]].
>   
>  
> I have created a pull request containing the changes which I have tried to make.
>  
> Could someone please advise further on what needs to be changed?
>  
> Regards,
>  Alka



--
This message was sent by Atlassian Jira
(v8.3.4#803005)