alka kumari created DRILL-7790:
----------------------------------

             Summary: Build Drill with Netty version 4.1.50.Final
                 Key: DRILL-7790
                 URL: https://issues.apache.org/jira/browse/DRILL-7790
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.17.0
            Reporter: alka kumari


Hi,
 
In Apache Drill Client 1.17, Netty version 4.0.48.Final is being used, and it 
suffers from a vulnerability (CVE-2019-16869):
 https://www.cvedetails.com/cve/CVE-2019-16869/
 https://snyk.io/vuln/maven:io.netty%3Anetty-all
 
This has been fixed in the latest netty (4.1.50.Final).
 
We want to build Drill with the latest Netty version that is free from any 
vulnerabilities. 
 
As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the 
code accordingly. 
 
I noticed that after trying to upgrade the dependency, I was unable to connect 
with SSL enabled.
  
 ERROR:
 Connecting to the server timed out. This is sometimes due to a mismatch in the 
SSL configuration between client and server. [ Exception: Waited 10000 
milliseconds for 
org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]].
  
 
I have created a pull request containing the changes which I have tried to make.
 
Could someone please advise further on what needs to be changed?
 
Regards,
 Alka



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
