[ https://issues.apache.org/jira/browse/PHOENIX-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josh Elser updated PHOENIX-3659:
--------------------------------
Attachment: PHOENIX-3659.001.patch
.001 Quick update to 1.2.4. Didn't see any failures locally.
> Remove transitive OWASP esapi dependency
> ----------------------------------------
>
> Key: PHOENIX-3659
> URL: https://issues.apache.org/jira/browse/PHOENIX-3659
> Project: Phoenix
> Issue Type: Task
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Blocker
> Fix For: 4.10.0
>
> Attachments: PHOENIX-3659.001.patch
>
>
> HBase accidentally let OWASP's ESAPI artifact slip into a few releases, which
> is not allowed (as there are GPL deps).
> This was resolved in 1.1.6 and 1.2.3. A trivial fix would be to upgrade the
> 1.1 and 1.2 branches to these versions, but I don't know if there are other
> implications to doing that.
> I'm not sure if there are runtime concerns if we just omit those
> dependencies. Would have to look at the suite of reverts that came in via
> HBASE-16317 to see if any of them would actually affect us in phoenix-landia.