[
https://issues.apache.org/jira/browse/HADOOP-17820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17390228#comment-17390228
]
Akira Ajisaka commented on HADOOP-17820:
----------------------------------------
jdom 1 can be removed by upgrading aliyun-sdk-oss:
https://github.com/aliyun/aliyun-oss-java-sdk/blob/3.13.0/pom.xml#L27-L29
> Remove dependency on jdom
> -------------------------
>
> Key: HADOOP-17820
> URL: https://issues.apache.org/jira/browse/HADOOP-17820
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Siyao Meng
> Assignee: Siyao Meng
> Priority: Major
>
> It doesn't seem that jdom is referenced anywhere in the code base now, yet it
> exists in the distribution.
> {code}
> $ find . -name "*jdom*.jar"
> ./hadoop-3.4.0-SNAPSHOT/share/hadoop/tools/lib/jdom-1.1.jar
> {code}
> There is recently
> [CVE-2021-33813|https://github.com/advisories/GHSA-2363-cqg2-863c] issued for
> jdom. Let's remove the binary from the dist if not useful.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
