Andrew Kyle Purtell created PHOENIX-7482:
--------------------------------------------
Summary: Replace uses of org.iq80.snappy:snappy with
org.xerial.snappy:snappy-java
Key: PHOENIX-7482
URL: https://issues.apache.org/jira/browse/PHOENIX-7482
Project: Phoenix
Issue Type: Improvement
Components: core
Reporter: Andrew Kyle Purtell
Assignee: Andrew Kyle Purtell
org.iq80.snappy is subject to CVE-2024-36124 just like Xerial Snappy. This was
flagged by a dependency scanner. This was an occasion to revisit Snappy
algorithm providers. Xerial Snappy is much more widely used, is a Phoenix
dependency already, provides the same functionality, virtually the same API, is
and is a dependency of Hadoop and HBase and others. Why also depend and use,
only in two places, iq80 snappy?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
