  1. Phoenix
  2. PHOENIX-3659

Remove transitive OWASP esapi dependency

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.10.0
    • Labels:
      None

      Description

      HBase accidentally let OWASP's ESAPI artifact slip into a few releases, which is not allowed (as there are GPL deps).

      This was resolved in 1.1.6 and 1.2.3. A trivial fix would be to upgrade the 1.1 and 1.2 branches to these versions, but I don't know if there are other implications to doing that.

      I'm not sure if there are runtime concerns if we just omit those dependencies. Would have to look at the suite of reverts that came in via HBASE-16317 to see if any of them would actually affect us in phoenix-landia.

        Attachments

        1. PHOENIX-3659.001.patch
          0.6 kB
          Josh Elser

              People

              • Assignee:
                elserj Josh Elser
                Reporter:
                elserj Josh Elser
              • Votes:
                0
                Watchers:
                3