[
https://issues.apache.org/jira/browse/PHOENIX-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15859849#comment-15859849
]
James Taylor commented on PHOENIX-3659:
---------------------------------------
Good catch, [~elserj]! Let's just bump our pom version to be at or above 1.1.6
and 1.2.3. I don't think that'll be an issue.
> Remove transitive OWASP esapi dependency
> ----------------------------------------
>
> Key: PHOENIX-3659
> URL: https://issues.apache.org/jira/browse/PHOENIX-3659
> Project: Phoenix
> Issue Type: Task
> Reporter: Josh Elser
> Priority: Blocker
>
> HBase accidentally let OWASP's ESAPI artifact slip into a few release which
> is not allowed (as there are GPL deps).
> This was resolved in 1.1.6 and 1.2.3. A trivial fix would be to upgrade the
> 1.1 and 1.2 branches to these versions, but I don't know if there are other
> implications to doing that..
> I'm not sure if there are runtime concerns if we just omit those
> dependencies. Would have to look at the suite of reverts that came in via
> HBASE-16317 to see if any of them would actually affect us in phoenix-landia.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
