Details
-
Task
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
Impala 4.1.0
-
None
-
None
-
ghx-label-1
Description
Upgrade guava and jackson-databind for
- guava: CVE-2020-8908
- jackson-databind: CVE-2022-42003, CVE-2022-42004
Also make it easier to override versions of commonly updated dependencies by declaring the version as environment variables in impala-config.sh (so that impala-branch-config.sh can override it as needed).