Apache Drill / DRILL-7790

Build Drill with Netty version 4.1.50.Final

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.17.0
    • Fix Version/s: 1.19.0
    • Component/s: None
    • Labels:
      None

      Description

      Hi,
       
      In Apache Drill Client 1.17, Netty version 4.0.48.Final is being used, and it suffers from a vulnerability (CVE-2019-16869):
      https://www.cvedetails.com/cve/CVE-2019-16869/
      https://snyk.io/vuln/maven:io.netty%3Anetty-all
       
      This has been fixed in the latest Netty (4.1.50.Final).
       
      We want to build Drill with the latest Netty version that is free from any vulnerabilities. 
       
      As there are many breaking changes from 4.0.48 to 4.1.50, I have modified the code accordingly. 
       
      I noticed that after trying to upgrade the dependency, I was unable to connect with SSL enabled.
       
      ERROR:
      Connecting to the server timed out. This is sometimes due to a mismatch in the SSL configuration between client and server. [ Exception: Waited 10000 milliseconds for org.apache.drill.shaded.guava.com.google.common.util.concurrent.SettableFuture@6ea2bc93[status=PENDING]].
       
       
      I have created a pull request containing the changes which I have tried to make.
       
      Could someone please advise further on what needs to be changed?
       
      Regards,
      Alka

            People

            • Assignee: mrymar Rymar Maksym
            • Reporter: alka_kumari alka kumari