[ https://issues.apache.org/jira/browse/DRILL-7790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17256886#comment-17256886 ]

ASF GitHub Bot commented on DRILL-7790:
---------------------------------------

alkakumari42 commented on pull request #2105:
URL: https://github.com/apache/drill/pull/2105#issuecomment-752885403


   Hi @cgivre,
   
   Actually, the changes that I have made are not with the intent of merging to 
the codebase. It's more of a demonstration of Netty jar up-gradation. As we 
tried to upgrade the Netty jar, we found there are many breaking changes that 
have been introduced. 
   So, the issue is not to resolve the conflict and merge the code. It's about 
how we can upgrade some jars that are being used in open-source code.
   We have tried to upgrade from our end and modify the code accordingly. But, 
it didn't seem to work. Is there some suggestion on how to upgrade some of 
the jars used by open-source code, or should we wait for the Netty jar 
up-gradation by the open-source community?
   
   Regards,
   Alka


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> Build Drill with Netty version 4.1.50.Final
> -------------------------------------------
>
>                 Key: DRILL-7790
>                 URL: https://issues.apache.org/jira/browse/DRILL-7790
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.17.0
>            Reporter: alka kumari
>            Priority: Major
>
> Hi,
>  
> In Apache Drill Client 1.17, Netty version 4.0.48.Final is being used and it 
> suffers from a vulnerability (CVE-2019-16869):
>  https://www.cvedetails.com/cve/CVE-2019-16869/
>  https://snyk.io/vuln/maven:io.netty%3Anetty-all
>  
> This has been fixed in the latest netty (4.1.50.Final).
>  
> We want to build Drill with the latest Netty version that is free from any 
> vulnerabilities. 
>  
> As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the 
> code accordingly. 
>  
> I noticed that after trying to upgrade the dependency, I was unable to 
> connect with SSL enabled.
>   
>  ERROR:
>  Connecting to the server timed out. This is sometimes due to a mismatch in 
> the SSL configuration between client and server. [ Exception: Waited 10000 
> milliseconds for 
> org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]].
>   
>  
> I have created a pull request containing the changes which I have tried to 
> make.
>  
> Could someone please advise further on what needs to be changed?
>  
> Regards,
>  Alka



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
