[
https://issues.apache.org/jira/browse/DRILL-8262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568806#comment-17568806
]
ASF GitHub Bot commented on DRILL-8262:
---------------------------------------
jnturton commented on PR #2607:
URL: https://github.com/apache/drill/pull/2607#issuecomment-1189777929
@kingswanwho another one to backport to the stable branch.
> Xalan is EOL and has a never to be fixed CVE
> --------------------------------------------
>
> Key: DRILL-8262
> URL: https://issues.apache.org/jira/browse/DRILL-8262
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> Xalan is no longer supported.
> https://lists.apache.org/thread/s8kjny5270ssfcp46v0fl39lk98987w7
> It is better to use JAXP TransformerFactory than using xalan directly. If you
> add xalan dependency just to ensure that you have a JAXP compliant
> transformer on the classpath, this is unnecessary - the Java runtime has a
> built-in implementation.
> Drill dependency:
> https://mvnrepository.com/artifact/org.apache.drill.exec/drill-java-exec/1.20.0
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
