[ https://issues.apache.org/jira/browse/PHOENIX-7163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Istvan Toth updated PHOENIX-7163:
---------------------------------
    Description:
We are using commons-configuration2 for the Hadoop metrics code, because that Hadoop API is badly broken.
Because of this, I have added dependency management for that dependency.
We are setting an old version, which is known to have CVEs.

-Remove the dependency management so that we can pick up any possible future fixes from Hadoop instead.-

Hadoop has updated to 2.8.0 without any code changes.
Since we only add this for the Hadoop API leak, we may update to 2.8.0 just as well.

  was:
We are using commons-configuration2 for the Hadoop metrics code, because that Hadoop API is badly broken.
Because of this, I have added dependency management for that dependency.
We are setting an old version, which is known to have CVEs.

Remove the dependency management so that we can pick up any possible future fixes from Hadoop instead.

> Update commons-configuration2 to 2.8.0
> --------------------------------------
>
>                 Key: PHOENIX-7163
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-7163
>             Project: Phoenix
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 5.2.0, 5.1.4
>            Reporter: Istvan Toth
>            Assignee: Istvan Toth
>            Priority: Major
>
> We are using commons-configuration2 for the Hadoop metrics code, because
> that Hadoop API is badly broken.
> Because of this, I have added dependency management for that dependency.
> We are setting an old version, which is known to have CVEs.
> -Remove the dependency management so that we can pick up any possible future
> fixes from Hadoop instead.-
> Hadoop has updated to 2.8.0 without any code changes.
> Since we only add this for the Hadoop API leak, we may update to 2.8.0 just
> as well.

--
This message was sent by Atlassian Jira (v8.20.10#820010)