[
https://issues.apache.org/jira/browse/DRILL-8267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17569294#comment-17569294
]
ASF GitHub Bot commented on DRILL-8267:
---------------------------------------
jnturton commented on code in PR #2609:
URL: https://github.com/apache/drill/pull/2609#discussion_r926359954
##########
pom.xml:
##########
@@ -1984,17 +1983,6 @@
<artifactId>xercesImpl</artifactId>
<version>${xerces.version}</version>
</dependency>
- <dependency>
Review Comment:
Okay @pjfanning, based on @vdiravka's comments I think this dependency
management is helping (to keep commons-logging out) and not hurting, so we
should probably just leave it as it is.
> Remove commons-configuration dependency management
> --------------------------------------------------
>
> Key: DRILL-8267
> URL: https://issues.apache.org/jira/browse/DRILL-8267
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> https://mvnrepository.com/artifact/commons-configuration/commons-configuration/1.10
> This jar is EOL and has many very insecure dependencies.
> Looks like this dependency is not used by Drill or any of its dependencies.
> Hadoop uses commons-configuration2 instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
