[ https://issues.apache.org/jira/browse/PHOENIX-7163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17801688#comment-17801688 ]
ASF GitHub Bot commented on PHOENIX-7163: ----------------------------------------- stoty opened a new pull request, #1776: URL: https://github.com/apache/phoenix/pull/1776 (no comment) > Do Not Dependency Manage commons-configuration2 Version > ------------------------------------------------------- > > Key: PHOENIX-7163 > URL: https://issues.apache.org/jira/browse/PHOENIX-7163 > Project: Phoenix > Issue Type: Bug > Components: core > Affects Versions: 5.2.0, 5.1.4 > Reporter: Istvan Toth > Assignee: Istvan Toth > Priority: Major > > We are using commons-configurations2 for the Hadoop metrics code, because > that Hadoop API is badly broken. > Because of this, I have added dependency management for that dependency. > We are setting an old version, which is known to have CVEs. > Remove the dependency managment so that we can pick up any possible future > fixes from Hadoop instead. -- This message was sent by Atlassian Jira (v8.20.10#820010)