[jira] [Commented] (DRILL-8200) Update hadoop-common to ≥ 3.2.3 for CVE-2022-26612

[James Turton (Jira)]

[ 
https://issues.apache.org/jira/browse/DRILL-8200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17528266#comment-17528266
 ] 

James Turton commented on DRILL-8200:
-

[~tdunning] I read it the same. So I would guess that makes a minority of Drill 
users vulnerable, but still some. I actually have not checked if Drill even 
calls into the vulberable parts of the hadoop-common API so this could be a 
complete non-event. But users won't look that deeply either, I guess, they'll 
just receive a warning from some automated scanner and get worried...

> Update hadoop-common to ≥ 3.2.3 for CVE-2022-26612
> --
>
> Key: DRILL-8200
> URL: https://issues.apache.org/jira/browse/DRILL-8200
> Project: Apache Drill
>  Issue Type: Bug
>  Components: library
>Affects Versions: 1.20.0
>Reporter: James Turton
>Assignee: James Turton
>Priority: Critical
> Fix For: 2.0.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Commented] (DRILL-8200) Update hadoop-common to ≥ 3.2.3 for CVE-2022-26612

[Ted Dunning (Jira)]

[ 
https://issues.apache.org/jira/browse/DRILL-8200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17528249#comment-17528249
 ] 

Ted Dunning commented on DRILL-8200:


My reading of the CVE indicates that this applies only on Windows.

Do others see it the same?

> Update hadoop-common to ≥ 3.2.3 for CVE-2022-26612
> --
>
> Key: DRILL-8200
> URL: https://issues.apache.org/jira/browse/DRILL-8200
> Project: Apache Drill
>  Issue Type: Bug
>  Components: library
>Affects Versions: 1.20.0
>Reporter: James Turton
>Assignee: James Turton
>Priority: Critical
> Fix For: 2.0.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.7#820007)