ccaominh opened a new pull request #9489: Suppress CVEs for htrace-core4 and openstack-swift URL: https://github.com/apache/druid/pull/9489 ### Description CVE-2013-7109 can be ignored for openstack-swift as it is for the python SDK and druid uses the java SDK. The jackson-databind:2.4.0 CVEs via htrace-core4 are all suppressed for now as fixing them requires updating the hadoop version. <hr> This PR has: - [x] been self-reviewed. - [x] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
