rzo1 commented on PR #3520: URL: https://github.com/apache/storm/pull/3520#issuecomment-1458679593
Thanks for the review! > Looks good. Thanks. It reverts a security fix (which was incompatible with jdk8). We will have to drop jdk8 and add jdk17 very soon. But till then, this will have to do. I agree, that we should drop Java 8 at some point (given that Java 21 will land soon). If you are talking about https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4065, I don't think, that the test dependency will give a huge attack vector (as we do not ship it) as (in the context of the project) only processes trusted content, no? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@storm.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
