kokosing commented on PR #332: URL: https://github.com/apache/ranger/pull/332#issuecomment-2223483939
@mneethiraj it looks like htrace is having a shaded dependency for jackson which is outdated and have plenty of CVEs. I am not sure how it was used in Ranger from my short investigation it looks like is either not used or there is missing infrastructure part in tests. Since htrace is no longer supported I think it should be removed from Ranger and potentially if needed I would recommend using opentelemetry. Would you like to help me to contribute this change? Also our scanners flagged other CVEs related issues, if this contribution is successful I would be very happy to update other libraries. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
