Robert Kanter created OOZIE-2410:
------------------------------------
Summary: Fork collections-generic
Key: OOZIE-2410
URL: https://issues.apache.org/jira/browse/OOZIE-2410
Project: Oozie
Issue Type: Bug
Affects Versions: trunk
Reporter: Robert Kanter
Assignee: Robert Kanter
Priority: Critical
Fix For: trunk

The Jung library used by the {{GraphGenerator}} code is using an old fork of
Commons-Collections which added generics. There was recently a security bug in
Commons-Collections (COLLECTIONS-580). The fork we're using hasn't been
updated since 2010 and is dead, so it won't get the security fix
(Commons-Collections 3.2.2 or 4.1). While Oozie isn't currently vulnerable to
an attack due to this, it would be good to patch this just to be safe.

Unfortunately, the best way to fix this is to fork the fork, which isn't super
great. Anyway, we can make a new "oozie-collections-generic" module with the
collections-generic code + the security fixes applied.

In the long run, we should implement OOZIE-2406, which will completely rewrite
the {{GraphGenerator}} (there's a number of other downsides with the current
implementation listed there).