[ https://issues.apache.org/jira/browse/DRILL-7981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Charles Givre resolved DRILL-7981.
----------------------------------
    Resolution: Fixed

> Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090
> ----------------------------------------------------------
>
>                 Key: DRILL-7981
>                 URL: https://issues.apache.org/jira/browse/DRILL-7981
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Cong Luo
>            Assignee: Cong Luo
>            Priority: Major
>             Fix For: 1.20.0
>
>
> When reading a specially crafted ZIP archive, Compress can be made to
> allocate large amounts of memory that finally leads to an out of memory error
> even for very small inputs. This could be used to mount a denial of service
> attack against services that use Compress' zip package.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)