nicoloboschi opened a new pull request #14884: URL: https://github.com/apache/pulsar/pull/14884
### Motivation

For the Athenz ZTS client we're using the fat jar `athenz-zts-java-client`, which contains a vulnerable version of jackson-databind (https://github.com/apache/pulsar/pull/14871#issuecomment-1079034179).

There's no need to use the fat jar, since the only case would be if Jersey 1 is used (we use 2.34).

### Modifications

* Move to `athenz-zts-java-client-core`, which is the regular dependency
* Bump version to 1.10.50. This is useful because in the latest versions they reduced the transitive dependencies a lot.

I checked all the new dependencies. There are two mismatches which should not cause issues:

* Jersey: athenz-zts-java-client-core uses 2.35
* AWS SDK 1: they use 1.12.x while Pulsar forces 1.11.x. It shouldn't be necessary to upgrade to 1.12

- [x] `no-need-doc`
