[jira] [Reopened] (IMPALA-9649) Exclude shiro-crypto-core and shiro-core jars from maven download

David Knupp (Jira) Thu, 23 Apr 2020 16:57:58 -0700


     [ 
https://issues.apache.org/jira/browse/IMPALA-9649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


David Knupp reopened IMPALA-9649:
---------------------------------

> Exclude shiro-crypto-core and shiro-core jars from maven download
> -----------------------------------------------------------------
>
>                 Key: IMPALA-9649
>                 URL: https://issues.apache.org/jira/browse/IMPALA-9649
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Frontend
>    Affects Versions: Impala 4.0
>            Reporter: David Knupp
>            Assignee: David Knupp
>            Priority: Major
>             Fix For: Impala 4.0
>
>
> These jars have known security vulnerabilities. They are included as part of 
> Sentry, and are not used by Impala directly. 
> There's a currently a plan to remove Sentry altogether, but since will 
> require non-trivial effort, until that time, let's exclude these items from 
> the maven download.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

[jira] [Reopened] (IMPALA-9649) Exclude shiro-crypto-core and shiro-core jars from maven download

Reply via email to