[jira] [Updated] (IMPALA-11670) Upgrade components for CVEs, make it easier to override versions
[ https://issues.apache.org/jira/browse/IMPALA-11670?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Smith updated IMPALA-11670: --- Fix Version/s: Impala 4.2.0 > Upgrade components for CVEs, make it easier to override versions > > > Key: IMPALA-11670 > URL: https://issues.apache.org/jira/browse/IMPALA-11670 > Project: IMPALA > Issue Type: Task >Affects Versions: Impala 4.1.0 >Reporter: Michael Smith >Assignee: Michael Smith >Priority: Critical > Fix For: Impala 4.2.0 > > > Upgrade guava and jackson-databind for > - guava: > [CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908] > - jackson-databind: > [CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003], > > [CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004] > Also make it easier to override versions of commonly updated dependencies by > declaring the version as environment variables in impala-config.sh (so that > impala-branch-config.sh can override it as needed). -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org
[jira] [Updated] (IMPALA-11670) Upgrade components for CVEs, make it easier to override versions
[ https://issues.apache.org/jira/browse/IMPALA-11670?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Smith updated IMPALA-11670: --- Priority: Critical (was: Major) > Upgrade components for CVEs, make it easier to override versions > > > Key: IMPALA-11670 > URL: https://issues.apache.org/jira/browse/IMPALA-11670 > Project: IMPALA > Issue Type: Task >Affects Versions: Impala 4.1.0 >Reporter: Michael Smith >Assignee: Michael Smith >Priority: Critical > > Upgrade guava and jackson-databind for > - guava: > [CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908] > - jackson-databind: > [CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003], > > [CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004] > Also make it easier to override versions of commonly updated dependencies by > declaring the version as environment variables in impala-config.sh (so that > impala-branch-config.sh can override it as needed). -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org
