DRILL-8165: Upgrade liquibase because of CVE-2022-0839 #2497
Merged
cgivre merged 1 commit into apache:master from Mar 21, 2022
cgivre (Contributor) approved these changes, Mar 18, 2022, and left a comment:
LGTM +1. Would you mind please rebasing on current master and re-running the CI to see if we can get a clean run of it?
metastore/rdbms-metastore/src/main/java/org/apache/drill/metastore/rdbms/RdbmsMetastore.java
jnturton pushed a commit to jnturton/drill that referenced this pull request, May 11, 2022
jnturton pushed a commit to jnturton/drill that referenced this pull request, May 11, 2022
jnturton added a commit that referenced this pull request, May 12, 2022
* Prepare for the next bugfix iteration.
* SAS Reader fixes (#2472)
  Co-authored-by: pseudomo <pseudomo@yandex.ru>
* Add jackson-bom (#2454)
* [DRILL-8150] log4j 2.17.2 in format-excel (#2476)
* DRILL-8151: Add support for more ElasticSearch and Cassandra data types (#2477)
* DRILL-8154: Upgrade to poi 5.2.1 (#2480)
* DRILL-8145: Fix flaky TestDrillbitResilience#memoryLeaksWhenCancelled test case (#2471)
* Set Brotli codec jar and test to occur only on Linux amd64.
* DRILL-8145: Fix flaky TestDrillbitResilience#memoryLeaksWhenCancelled test case
  - changing timeout for TestDrillbitResilience tests
  - timing tuning for memoryLeaksWhenCancelled
  - update TestContainers version
  - -DforkCount=1 for Travis Maven build
  - directMemoryMb: 2500 -> 4500 leads to less occasional test failures
  Co-authored-by: James Turton <james@somecomputer.xyz>
* [MINOR UPDATE] Add Stalebot Config (#2487)
* [MINOR UPDATE] Fix license for Stalebot Config (#2488)
* DRILL-8156: Declare and chown a /data VOLUME in the Drill Dockerfile (#2491)
* Add a mountpoint and VOLUME for local storage to Dockerfile.
* Address review comments concerning layer ordering.
* Fix image size blowup by moving chmod to intermediate container.
* Combine RUN commands in Dockerfile.
* DRILL-8168: Do not duplicate attempts to impersonate a user in the REST API (#2495)
* DRILL-8172: Use the specified memory usage for Travis CI (#2500)
* DRILL-8165: Upgrade liquibase because of CVE-2022-0839 (#2497)
* Create codeql-analysis.yml
* Update codeql-analysis.yml
  Removed cpp from code analysis
* [MINOR UPDATE] Add license to CodeQL YAML (#2501)
* DRILL-8176: Upgrade Jackson Due to CVE-2020-36518 (#2504)
* DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)
* DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613
* Update the ProfileCopyright tag name
* Update the mov format name
* Add the QuickTime.Rotation tag
* Bump metadata-extractor to 2.17.0
* DRILL-8178: Bump AWS Libraries to Latest Version (#2506)
* DRILL-8175: Update Drill release script after 1.20 (#2503)
* Set DRILL_PID_DIR in Dockerfile to writable location for distributed mode.
  Some users of the images built from this Dockerfile customise them so that they launch Drill in distributed mode instead of embedded mode. This change saves them from having to set DRILL_PID_DIR themselves in order to succeed.
* Update release script and instructions after the release of 1.20.
  - Add support for specifying a build profile such as "hadoop-2".
  - Update instructions for the Drill web site.
  - Update instructions for uploading RCs (no more home.apache)
  - Some fixes.
* DRILL-8176: minor issue in previous jackson bom (#2508)
* minor issue in previous jackson bom
* Update pom.xml
* DRILL-8187: Dialect factory returns ANSI SQL dialect for BigQuery (#2513)
* DRILL-8192: Cassandra queries fail when enabled Mongo plugin (#2518)
* DRILL-8013: Drill attempts to push "$SUM0" to JDBC storage plugin for AVG (#2521)
* DRILL-8194: Fix the function of REPLACE throws IndexOutOfBoundsException If text's length is more than previously applied (#2522)
* DRILL-8200: Update Hadoop libs to ≥ 3.2.3 for CVE-2022-26612 (#2525)
* Remove pointless Buffer casts.
  Compiling Drill with JDK > 8 will still result in ByteBuffer <-> Buffer cast exceptions at runtime when running on JDK 8 even though maven.target.version is set to 8. Setting maven.compiler.release to 8 solves the Buffer casts but raises a compilation error of package sun.security.jgss does not exist for JDK 8. There were a few handwritten casts to avoid the Buffer casting issue but many instances are not covered so the few reverted in this commit achieve nothing.
* Update Hadoop to 3.2.3.
* [MINOR UPDATE] Update AWS Java SDK to 1.12.211
* DRILL-8219: Handle null catalog names returned by DB2 in storage-jdbc. (#2542)

Co-authored-by: pseudomo <yura_levchenko@mail.ru>
Co-authored-by: pseudomo <pseudomo@yandex.ru>
Co-authored-by: Rymar Maksym <rim.maxim+dev@gmail.com>
Co-authored-by: PJ Fanning <pjfanning@users.noreply.github.com>
Co-authored-by: Volodymyr Vysotskyi <vvovyk@gmail.com>
Co-authored-by: Vitalii Diravka <vitalii@apache.org>
Co-authored-by: Charles S. Givre <cgivre@apache.org>
Co-authored-by: luoc <luoc@apache.org>
Co-authored-by: xurenhe <xurenhe19910131@gmail.com>
jnturton pushed a commit to jnturton/drill that referenced this pull request, Jul 11, 2022
ashevchuk123 pushed a commit to mapr/incubator-drill that referenced this pull request, Oct 28, 2025
* Prepare for the next bugfix iteration.
* SAS Reader fixes (apache#2472)
  Co-authored-by: pseudomo <pseudomo@yandex.ru>
* Add jackson-bom (apache#2454)
* [DRILL-8150] log4j 2.17.2 in format-excel (apache#2476)
* DRILL-8151: Add support for more ElasticSearch and Cassandra data types (apache#2477)
* DRILL-8154: Upgrade to poi 5.2.1 (apache#2480)
* DRILL-8145: Fix flaky TestDrillbitResilience#memoryLeaksWhenCancelled test case (apache#2471)
* Set Brotli codec jar and test to occur only on Linux amd64.
* DRILL-8145: Fix flaky TestDrillbitResilience#memoryLeaksWhenCancelled test case
  - changing timeout for TestDrillbitResilience tests
  - timing tuning for memoryLeaksWhenCancelled
  - update TestContainers version
  - -DforkCount=1 for Travis Maven build
  - directMemoryMb: 2500 -> 4500 leads to less occasional test failures
  Co-authored-by: James Turton <james@somecomputer.xyz>
* [MINOR UPDATE] Add Stalebot Config (apache#2487)
* [MINOR UPDATE] Fix license for Stalebot Config (apache#2488)
* DRILL-8156: Declare and chown a /data VOLUME in the Drill Dockerfile (apache#2491)
* Add a mountpoint and VOLUME for local storage to Dockerfile.
* Address review comments concerning layer ordering.
* Fix image size blowup by moving chmod to intermediate container.
* Combine RUN commands in Dockerfile.
* DRILL-8168: Do not duplicate attempts to impersonate a user in the REST API (apache#2495)
* DRILL-8172: Use the specified memory usage for Travis CI (apache#2500)
* DRILL-8165: Upgrade liquibase because of CVE-2022-0839 (apache#2497)
* Create codeql-analysis.yml
* Update codeql-analysis.yml
  Removed cpp from code analysis
* [MINOR UPDATE] Add license to CodeQL YAML (apache#2501)
* DRILL-8176: Upgrade Jackson Due to CVE-2020-36518 (apache#2504)
* DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (apache#2493)
* DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613
* Update the ProfileCopyright tag name
* Update the mov format name
* Add the QuickTime.Rotation tag
* Bump metadata-extractor to 2.17.0
* DRILL-8178: Bump AWS Libraries to Latest Version (apache#2506)
* DRILL-8175: Update Drill release script after 1.20 (apache#2503)
* Set DRILL_PID_DIR in Dockerfile to writable location for distributed mode.
  Some users of the images built from this Dockerfile customise them so that they launch Drill in distributed mode instead of embedded mode. This change saves them from having to set DRILL_PID_DIR themselves in order to succeed.
* Update release script and instructions after the release of 1.20.
  - Add support for specifying a build profile such as "hadoop-2".
  - Update instructions for the Drill web site.
  - Update instructions for uploading RCs (no more home.apache)
  - Some fixes.
* DRILL-8176: minor issue in previous jackson bom (apache#2508)
* minor issue in previous jackson bom
* Update pom.xml
* DRILL-8187: Dialect factory returns ANSI SQL dialect for BigQuery (apache#2513)
* DRILL-8192: Cassandra queries fail when enabled Mongo plugin (apache#2518)
* DRILL-8013: Drill attempts to push "$SUM0" to JDBC storage plugin for AVG (apache#2521)
* DRILL-8194: Fix the function of REPLACE throws IndexOutOfBoundsException If text's length is more than previously applied (apache#2522)
* DRILL-8200: Update Hadoop libs to ≥ 3.2.3 for CVE-2022-26612 (apache#2525)
* Remove pointless Buffer casts.
  Compiling Drill with JDK > 8 will still result in ByteBuffer <-> Buffer cast exceptions at runtime when running on JDK 8 even though maven.target.version is set to 8. Setting maven.compiler.release to 8 solves the Buffer casts but raises a compilation error of package sun.security.jgss does not exist for JDK 8. There were a few handwritten casts to avoid the Buffer casting issue but many instances are not covered so the few reverted in this commit achieve nothing.
* Update Hadoop to 3.2.3.
* [MINOR UPDATE] Update AWS Java SDK to 1.12.211
* DRILL-8219: Handle null catalog names returned by DB2 in storage-jdbc. (apache#2542)

Co-authored-by: pseudomo <yura_levchenko@mail.ru>
Co-authored-by: pseudomo <pseudomo@yandex.ru>
Co-authored-by: Rymar Maksym <rim.maxim+dev@gmail.com>
Co-authored-by: PJ Fanning <pjfanning@users.noreply.github.com>
Co-authored-by: Volodymyr Vysotskyi <vvovyk@gmail.com>
Co-authored-by: Vitalii Diravka <vitalii@apache.org>
Co-authored-by: Charles S. Givre <cgivre@apache.org>
Co-authored-by: luoc <luoc@apache.org>
Co-authored-by: xurenhe <xurenhe19910131@gmail.com>

# Conflicts:
# common/pom.xml
# contrib/data/pom.xml
# contrib/data/tpch-sample-data/pom.xml
# contrib/format-esri/pom.xml
# contrib/format-excel/pom.xml
# contrib/format-hdf5/pom.xml
# contrib/format-httpd/pom.xml
# contrib/format-iceberg/pom.xml
# contrib/format-image/pom.xml
# contrib/format-image/src/test/resources/image/mov.json
# contrib/format-ltsv/pom.xml
# contrib/format-maprdb/pom.xml
# contrib/format-pcapng/pom.xml
# contrib/format-pdf/pom.xml
# contrib/format-sas/pom.xml
# contrib/format-spss/pom.xml
# contrib/format-syslog/pom.xml
# contrib/format-xml/pom.xml
# contrib/pom.xml
# contrib/storage-cassandra/pom.xml
# contrib/storage-druid/pom.xml
# contrib/storage-elasticsearch/pom.xml
# contrib/storage-hbase/pom.xml
# contrib/storage-hive/core/pom.xml
# contrib/storage-hive/hive-exec-shade/pom.xml
# contrib/storage-hive/pom.xml
# contrib/storage-http/pom.xml
# contrib/storage-jdbc/pom.xml
# contrib/storage-kafka/pom.xml
# contrib/storage-kudu/pom.xml
# contrib/storage-mongo/pom.xml
# contrib/storage-opentsdb/pom.xml
# contrib/storage-phoenix/pom.xml
# contrib/storage-splunk/pom.xml
# contrib/udfs/pom.xml
# distribution/pom.xml
# drill-yarn/pom.xml
# exec/java-exec/pom.xml
# exec/jdbc-all/pom.xml
# exec/jdbc/pom.xml
# exec/memory/base/pom.xml
# exec/memory/pom.xml
# exec/pom.xml
# exec/rpc/pom.xml
# exec/vector/pom.xml
# logical/pom.xml
# metastore/iceberg-metastore/pom.xml
# metastore/metastore-api/pom.xml
# metastore/mongo-metastore/pom.xml
# metastore/pom.xml
# metastore/rdbms-metastore/pom.xml
# pom.xml
# protocol/pom.xml
# tools/fmpp/pom.xml
# tools/pom.xml
DRILL-8165: Upgrade liquibase because of CVE-2022-0839
Description
Split from the #2493
Please note that we should replace the DatabaseFactory.getInstance() with Scope.getCurrentScope().getSingleton(DatabaseFactory.class) once the following issue is resolved.
Documentation
N/A
Testing
Use the CI.