[ https://issues.apache.org/jira/browse/KAFKA-15203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849983#comment-17849983 ]

Ganesh Sadanala commented on KAFKA-15203:
-----------------------------------------

[~chia7712] The library does not work as expected on projects using JDK 16+. 
There is no other library which can scan without the configuration 
files/metadata. I guess we have to wait until the deprecation is addressed.

 

Two problems due to delayed deprecation:
 # The implementation of `ServiceLoader` is not noticeable because it is used 
in combination with Reflections. So performance-wise, no change is observed.
 # Security vulnerabilities would still be valid.

 

Unless it is a serious issue, it can be awaited. This is my opinion.

> Remove dependency on Reflections 
> ---------------------------------
>
>                 Key: KAFKA-15203
>                 URL: https://issues.apache.org/jira/browse/KAFKA-15203
>             Project: Kafka
>          Issue Type: Bug
>          Components: connect
>            Reporter: Divij Vaidya
>            Assignee: Ganesh Sadanala
>            Priority: Major
>              Labels: newbie
>             Fix For: 5.0.0
>
>
> We currently depend on the Reflections library, which is EOL. Quoting from the 
> GitHub site:
> _> Please note: Reflections library is currently NOT under active development 
> or maintenance_
> 
> This poses a supply chain risk for our project, where security fixes and 
> other major bugs in the underlying dependency may not be addressed in a timely manner.
> Hence, we should plan to remove this dependency.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
