abhioncbr opened a new issue, #11085: URL: https://github.com/apache/pinot/issues/11085
We use `commons-configuration 1.10` in the Pinot project to save and manage all different properties. The latest `commons-configuration` release (1.10) was in 2023, and the project made many breaking changes. It is now known as `commons-configuration2`.

As per the documentation, there are some significant enhancements like:

- [Improved Thread-Safety](https://commons.apache.org/proper/commons-configuration/userguide/howto_concurrency.html): The library has improved its design to support multithreaded environments better, making it more reliable in applications that use multiple threads.
- Another area in which significant changes took place is the support for [event notifications](https://commons.apache.org/proper/commons-configuration/userguide/howto_events.html). Commons Configuration 1.x had two types of event listeners for configuration update events and error events. Version 2.0 adds some more event sources: events generated by configuration builders and reloading events.
- Supports more features than the original, including improved XML configurations, JSON configuration, and combined configuration.

Also, `commons-configuration` has the following vulnerabilities (as per [maven-repository](https://mvnrepository.com/artifact/commons-configuration/commons-configuration/1.10)).

| Vulnerabilities | Vulnerabilities from dependencies: CVE-2022-41852, CVE-2022-40161, CVE-2022-40160, CVE-2022-40159, CVE-2022-40158, CVE-2022-40157, CVE-2022-23437, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2021-4104, CVE-2020-15250, CVE-2020-14338, CVE-2019-17571, CVE-2019-10086, CVE-2018-8088, CVE-2015-7501, CVE-2015-6420, CVE-2014-0114, CVE-2013-4002, CVE-2012-0881, CVE-2009-2625 |
| -- | -- |

However, the upgrade isn't straightforward and requires significant codebase changes. I plan to work on this if the proposal for upgrading the version looks good.

cc: @Jackie-Jiang @mayankshriv
