[ https://issues.apache.org/jira/browse/PHOENIX-7393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Viraj Jasani reassigned PHOENIX-7393: ------------------------------------- Assignee: Grzegorz Kokosinski > Exclude woodstox-core to fix CVE-2022-40152 > ------------------------------------------- > > Key: PHOENIX-7393 > URL: https://issues.apache.org/jira/browse/PHOENIX-7393 > Project: Phoenix > Issue Type: Improvement > Reporter: Grzegorz Kokosinski > Assignee: Grzegorz Kokosinski > Priority: Major > > Exclude woodstox-core to fix [CVE-2022-40152 > (|https://github.com/advisories/GHSA-3f7h-mf4q-vrm4] > [https://nvd.nist.gov/vuln/detail/CVE-2022-40152]). > This is a transitive dependency from hadoop, it is most likely not needed for > phoenix. Notice that any product that is using {{phoenix-client-embedded}} to > use Phoenix internally, is flagged with this CVEs > This is used in Trino phoenix connector. Then it makes entire Trino flagged > with this CVE. -- This message was sent by Atlassian Jira (v8.20.10#820010)