aiguofer commented on issue #647: URL: https://github.com/apache/arrow-java/issues/647#issuecomment-2699352385
Well, I tried that but apparently their tool still gave the same output. Wonder if the issue actually stems from the Windows build for `netty-tcnative`? looking through that repo I didn't see anything related to Windows builds specifically. Either that, or Blackduck is just picking up some false positive. Either way, since the CVE is only for the `dll` and they're running on RHEL, I think we're just going to do: ``` ❯ zip -d flight-sql-jdbc-driver-[version].jar META-INF/native/org_apache_arrow_driver_jdbc_shaded_netty_tcnative_windows_x86_64.dll ``` Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
