Grzegorz Kokosinski created PHOENIX-7393:
--------------------------------------------
Summary: Exclude woodstox-core to fix CVE-2022-40152
Key: PHOENIX-7393
URL: https://issues.apache.org/jira/browse/PHOENIX-7393
Project: Phoenix
Issue Type: Improvement
Reporter: Grzegorz Kokosinski
Exclude woodstox-core to fix [CVE-2022-40152
(|https://github.com/advisories/GHSA-3f7h-mf4q-vrm4]
[https://nvd.nist.gov/vuln/detail/CVE-2022-40152]).
This is a transitive dependency from hadoop, it is most likely not needed for
phoenix. Notice that any product that is using {{phoenix-client-embedded}} to
use Phoenix internally, is flagged with this CVEs
This is used in Trino phoenix connector. Then it makes entire Trino flagged
with this CVE.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
