[ https://issues.apache.org/jira/browse/PHOENIX-6818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17631547#comment-17631547 ]

Mate Szalay-Beko commented on PHOENIX-6818:
-------------------------------------------
This problem is hurting us, because i18n-util is using a very old icu4j library
where we found a high and a medium CVE: CVE-2020-10531, CVE-2020-21913. I'm not
entirely sure if these CVEs would affect i18n-util and phoenix-core in
practice, but better safe than sorry.

I can work on this fix.

> Remove dependency on the i18n-util library
> ------------------------------------------
>
> Key: PHOENIX-6818
> URL: https://issues.apache.org/jira/browse/PHOENIX-6818
> Project: Phoenix
> Issue Type: Improvement
> Components: core
> Reporter: Istvan Toth
> Priority: Major
>
> i18n-util development seems to have stopped.
> We should copy the few relevant classes that we use from it, and maintain
> them in Phoenix.
> This also means that we need to depend explicitly on the icu4j library that
> i18n-util depends on.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)