alka kumari created DRILL-7790: ---------------------------------- Summary: Build Drill with Netty version 4.1.50.Final Key: DRILL-7790 URL: https://issues.apache.org/jira/browse/DRILL-7790 Project: Apache Drill Issue Type: Bug Affects Versions: 1.17.0 Reporter: alka kumari
Hi, In apache Drill Client 1.17, Netty version 4.0.48.Final is being used and it suffers from vulnerability (CVE-2019-16869): https://www.cvedetails.com/cve/CVE-2019-16869/ https://snyk.io/vuln/maven:io.netty%3Anetty-all This has been fixed in the latest netty (4.1.50.Final). We want to build a drill with the latest Netty version that is free from any vulnerabilities. As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the code accordingly. I noticed that after trying to upgrade the dependency, I was unable to connect with SSL enabled. ERROR: Connecting to the server timed out. This is sometimes due to a mismatch in the SSL configuration between client and server. [ Exception: Waited 10000 milliseconds for org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]]. I have created a pull request containing the changes which I have tried to make. Could someone please advise further on what needs to be changed? Regards, Alka -- This message was sent by Atlassian Jira (v8.3.4#803005)