[
https://issues.apache.org/jira/browse/DRILL-8267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568804#comment-17568804
]
ASF GitHub Bot commented on DRILL-8267:
---------------------------------------
pjfanning commented on PR #2609:
URL: https://github.com/apache/drill/pull/2609#issuecomment-1189772826
I suspect that maybe hadoop (or some other lib) used to use
commons-configuration instead of commons-configuration2 as it does now - and
that Drill added the dependency to try to keep the maven build happy.
> remove commons-configuration dependency
> ---------------------------------------
>
> Key: DRILL-8267
> URL: https://issues.apache.org/jira/browse/DRILL-8267
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> https://mvnrepository.com/artifact/commons-configuration/commons-configuration/1.10
> This jar is EOL and has many very insecure dependencies.
> Looks like this dependency is not used by Drill or any of its dependencies.
> Hadoop uses commons-configuration2 instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
