[
https://issues.apache.org/jira/browse/DRILL-8200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17528266#comment-17528266
]
James Turton commented on DRILL-8200:
-------------------------------------
[~tdunning] I read it the same. So I would guess that makes a minority of Drill
users vulnerable, but still some. I actually have not checked if Drill even
calls into the vulberable parts of the hadoop-common API so this could be a
complete non-event. But users won't look that deeply either, I guess, they'll
just receive a warning from some automated scanner and get worried...
> Update hadoop-common to ≥ 3.2.3 for CVE-2022-26612
> --------------------------------------------------
>
> Key: DRILL-8200
> URL: https://issues.apache.org/jira/browse/DRILL-8200
> Project: Apache Drill
> Issue Type: Bug
> Components: library
> Affects Versions: 1.20.0
> Reporter: James Turton
> Assignee: James Turton
> Priority: Critical
> Fix For: 2.0.0
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
