tisonkun commented on PR #20070: URL: https://github.com/apache/pulsar/pull/20070#issuecomment-1504500994
FWIW - I noticed that the vertx version number is pulled in at https://github.com/apache/pulsar/pull/7997 which has a comment: > <!--TODO: When pulsar uses https://github.com/apache/bookkeeper/pull/2410 in --> > <!-- the next bk version, please remove the following content.--> That is, we temporarily workaround a CVE issue https://github.com/apache/pulsar/issues/7931 but later leave it as is. Generally, the vert.x dependency should be conveyed from BK and such issues should be fixed at the BK side. May or may not we just remove explicit vertx version dependency in Pulsar side to avoid further such version mismatch issue. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
