Grzegorz Kokosinski created PHOENIX-7393: --------------------------------------------
Summary: Exclude woodstox-core to fix CVE-2022-40152 Key: PHOENIX-7393 URL: https://issues.apache.org/jira/browse/PHOENIX-7393 Project: Phoenix Issue Type: Improvement Reporter: Grzegorz Kokosinski Exclude woodstox-core to fix [CVE-2022-40152 (|https://github.com/advisories/GHSA-3f7h-mf4q-vrm4] [https://nvd.nist.gov/vuln/detail/CVE-2022-40152]). This is a transitive dependency from hadoop, it is most likely not needed for phoenix. Notice that any product that is using {{phoenix-client-embedded}} to use Phoenix internally, is flagged with this CVEs This is used in Trino phoenix connector. Then it makes entire Trino flagged with this CVE. -- This message was sent by Atlassian Jira (v8.20.10#820010)