[jira] [Updated] (PHOENIX-7163) Do Not Dependency Manage commons-configuration2 Version

Istvan Toth (Jira) Mon, 01 Jan 2024 23:15:14 -0800


     [ 
https://issues.apache.org/jira/browse/PHOENIX-7163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Istvan Toth updated PHOENIX-7163:
---------------------------------
    Summary: Do Not Dependency Manage commons-configuration2 Version  (was: Do 
not dependency manage commons-configuration2 version)

> Do Not Dependency Manage commons-configuration2 Version
> -------------------------------------------------------
>
>                 Key: PHOENIX-7163
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-7163
>             Project: Phoenix
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 5.2.0, 5.1.4
>            Reporter: Istvan Toth
>            Priority: Major
>
> We are using commons-configurations2 for the Hadoop metrics code, because 
> that Hadoop API is badly broken.
> Because of this, I have added dependency management for that dependency.
> We are setting an old version, which is known to have CVEs.
> Remove the dependency managment so that we can pick up any possible future 
> fixes from Hadoop instead.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (PHOENIX-7163) Do Not Dependency Manage commons-configuration2 Version

Reply via email to