zclllyybb commented on code in PR #48476:
URL: https://github.com/apache/doris/pull/48476#discussion_r2010056085
##########
fe/pom.xml:
##########
@@ -793,6 +794,12 @@ under the License.
<artifactId>commons-lang3</artifactId>
<version>${commons-lang3.version}</version>
</dependency>
+ <!--
https://mvnrepository.com/artifact/org.apache.commons/commons-math3 -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-math3</artifactId>
+ <version>${commons-math3.version}</version>
+ </dependency>
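Review bot: On the `<version>${commons-math3.version}</version>` line, the property it resolves is not defined anywhere in this hunk, so the review cannot confirm from here which release is being pulled in. The one-line offset in the hunk header (793 to 794) suggests a line was added earlier in the file, presumably that property; please confirm it sets a single fixed release rather than a range, so the new third-party artifact is pinned like the `commons-lang3` entry above it. The mvnrepository URL comment is optional and could be dropped, since the `groupId` and `artifactId` already identify the artifact.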
Review Comment:
Why do you think a math library should update frequently? And why do you
think it's possible for a normal math function to have a CVE? The functions we
used in this PR don't even have a loop, let alone quadratic residues or something
dangerous. Even in glibc, the last modification of those functions themselves
was in 2015, and not any after 2018.
Btw, implementing a math function is basically work for a mathematician, not
a programmer.