The 5.2 release branch is created. Please feel free to build the artifacts for
local testing purposes.
We should likely have the 5.2.0 release in about a week’s time.
On Mon, Feb 19, 2024 at 9:40 PM Istvan Toth
wrote:
> While that may be true for Jackson, it generally is not true for all
> componen
While that may be true for Jackson, it generally is not true for all
components.
Replacing dependencies is sometimes really as simple as a version update,
and sometimes requires extensive code modifications, or re-vamping the
dependencies.
AFAICT the current de facto policy of the Apache HBase com
In Trino we have our own patched Hadoop library (3.3.5 based) but we are
slowly removing dependencies on Hadoop from the codebase (it's pretty
isolated already).
As for HBase - if Phoenix is shading HBase, for the end user (like
Trino) the CVEs are coming from Phoenix, not HBase. Can you exclu
Thanks, Mateusz.
The vast majority of these are coming from either HBase or Hadoop.
(We always do a CVE pass on the direct Phoenix dependencies before release)
Unfortunately, Hadoop is generally not binary compatible between minor
releases, so using a newer Hadoop minor release than the default us
Rendered:
https://github.com/trinodb/trino/pull/20739#issuecomment-1952114587
On Mon, Feb 19, 2024 at 10:43 AM Mateusz Gajewski <
mateusz.gajew...@starburstdata.com> wrote:
> Yeah, attachment was sent but not delivered.
>
> Inline version
>
> "avro" "1.7.7" "java-archive" "CVE-2023-39410" "High"
Yeah, attachment was sent but not delivered.
Inline version
"avro" "1.7.7" "java-archive" "CVE-2023-39410" "High" "When deserializing
untrusted or corrupted data, it is possible for a reader to consume memory
beyond the allowed constraints and thus lead to out of memory on the
system. This issue
Hi,
I can't see an attachment on this email.
Istvan
On Sun, Feb 18, 2024 at 6:02 PM Mateusz Gajewski <
mateusz.gajew...@starburstdata.com> wrote:
> Hi Phoenix team,
>
> I've built and tested the upcoming 5.1.4 version by building it from the 5.1
> branch (5.1.3-124-gb6ca402f9) and would like to ask
Hi Phoenix team,
I've built and tested the upcoming 5.1.4 version by building it from the 5.1
branch (5.1.3-124-gb6ca402f9) and would like to ask to address several CVEs
before releasing 5.1.4. Phoenix integration in Trino (
https://github.com/trinodb/trino) is one of two connectors with really high
n