[
https://issues.apache.org/jira/browse/FLINK-30274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ran Tao updated FLINK-30274:
----------------------------
Description:
First, Apache commons-collections 3.x is a Java 1.3 compatible version, and it
does not use Java 5 generics. Apache commons-collections4 4.4 is an upgraded
version of commons-collections and it is built with Java 8.
Apache Spark has the same issue: [https://github.com/apache/spark/pull/35257]
was:
First, Apache commons-collections 3.x is a Java 1.3 compatible version, and it
does not use Java 5 generics. Apache commons-collections4 4.4 is an upgraded
version of commons-collections and it is built with Java 8.
Second, Apache commons-collections 3.x is vulnerable. See
https://issues.apache.org/jira/browse/COLLECTIONS-701
We can upgrade this dependency, but I found that currently 3.x is used by
flink-core in many places. So at least we need to offer commons-collections4
support to forbid the next and later erroneous usages (developers or submodules
use this new version).
Apache Spark has the same issue: [https://github.com/apache/spark/pull/35257]
[^image-2022-12-02-16-40-22-172.png]
> Add commons-collections4 to replace commons-collections 3.x
> ------------------------------------------------------------
>
> Key: FLINK-30274
> URL: https://issues.apache.org/jira/browse/FLINK-30274
> Project: Flink
> Issue Type: Technical Debt
> Components: Build System
> Affects Versions: 1.16.0
> Reporter: Ran Tao
> Assignee: Ran Tao
> Priority: Major
> Labels: pull-request-available
> Attachments: image-2022-12-02-16-40-22-172.png
>
>
> First, Apache commons-collections 3.x is a Java 1.3 compatible version, and
> it does not use Java 5 generics. Apache commons-collections4 4.4 is an
> upgraded version of commons-collections and it is built with Java 8.
> Apache Spark has the same issue: [https://github.com/apache/spark/pull/35257]