jojochuang commented on code in PR #5144:
URL: https://github.com/apache/hbase/pull/5144#discussion_r1168966765


##########
hbase-http/pom.xml:
##########
@@ -169,6 +169,48 @@
       <artifactId>log4j-slf4j-impl</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
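
Review bot: The added `org.apache.directory.server` dependency has no `<scope>` or `<version>` in the lines shown here. Please confirm the entry is declared with `<scope>test</scope>`, like the `log4j-slf4j-impl` dependency just above it, so it stays off the runtime classpath. Consider adding `<exclusions>` for any transitive artifacts the tests do not need, so the test classpath pulls in as little of the directory server's dependency tree as possible.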

Review Comment:
   Just a comment.
   I am a little concerned to include apache directory server. It's a big 
project with lots of dependencies, and there's been no release over 3 years. 
Very likely this dependency is going to introduce transitive dependency 
versions known to be vulnerable. The apache directory server quarterly report 
last October mentioned a new release is coming up but nothing has happened yet.
   
   I understand this is for test scope only, so this is not a real issue.


