[
https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17907044#comment-17907044
]
AlexVazquez commented on RANGER-4038:
-------------------------------------
First of all, apologies for the delay [~hmaurya]
I understand you point, handling this huge PR is nearly imposible and I'm so
sorry for the inconvenience.
I wasn´t aware about the JDK 17 PR, so thank you. I'll review it as soon as
possible.
However, I'm unsure about how to split the commits, because the initil ones
(and even more than just the initials ones) leave the project in an
inconsistent state, making it impossible to compile.
Is there another option? Perhaps working on a version branch or something
similar? I’m not sure, you have more knowledge about this than I do.
Have you ever handled a similar task before? I mean, a major feature requiring
changes to many interconnected base libraries
> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Assignee: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
