[jira] [Assigned] (PHOENIX-7393) Exclude woodstox-core to fix CVE-2022-40152

Viraj Jasani (Jira) Mon, 26 Aug 2024 12:43:04 -0700


     [ 
https://issues.apache.org/jira/browse/PHOENIX-7393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Viraj Jasani reassigned PHOENIX-7393:
-------------------------------------

    Assignee: Grzegorz Kokosinski

> Exclude woodstox-core to fix CVE-2022-40152
> -------------------------------------------
>
>                 Key: PHOENIX-7393
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-7393
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Grzegorz Kokosinski
>            Assignee: Grzegorz Kokosinski
>            Priority: Major
>
> Exclude woodstox-core to fix [CVE-2022-40152 
> (|https://github.com/advisories/GHSA-3f7h-mf4q-vrm4] 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-40152]).
> This is a transitive dependency from hadoop, it is most likely not needed for 
> phoenix. Notice that any product that is using {{phoenix-client-embedded}} to 
> use Phoenix internally, is flagged with this CVEs
> This is used in Trino phoenix connector. Then it makes entire Trino flagged 
> with this CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (PHOENIX-7393) Exclude woodstox-core to fix CVE-2022-40152

Reply via email to