[ https://issues.apache.org/jira/browse/DRILL-8200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17528266#comment-17528266 ]
James Turton commented on DRILL-8200: ------------------------------------- [~tdunning] I read it the same. So I would guess that makes a minority of Drill users vulnerable, but still some. I actually have not checked if Drill even calls into the vulberable parts of the hadoop-common API so this could be a complete non-event. But users won't look that deeply either, I guess, they'll just receive a warning from some automated scanner and get worried... > Update hadoop-common to ≥ 3.2.3 for CVE-2022-26612 > -------------------------------------------------- > > Key: DRILL-8200 > URL: https://issues.apache.org/jira/browse/DRILL-8200 > Project: Apache Drill > Issue Type: Bug > Components: library > Affects Versions: 1.20.0 > Reporter: James Turton > Assignee: James Turton > Priority: Critical > Fix For: 2.0.0 > > -- This message was sent by Atlassian Jira (v8.20.7#820007)