  1. Phoenix
  2. PHOENIX-3659

Remove transitive OWASP esapi dependency

Details

    • Task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 4.10.0
    • None
    • None

    Description

      HBase accidentally let OWASP's ESAPI artifact slip into a few releases, which is not allowed (as there are GPL deps).

      This was resolved in 1.1.6 and 1.2.3. A trivial fix would be to upgrade the 1.1 and 1.2 branches to these versions, but I don't know if there are other implications to doing that.

      I'm not sure if there are runtime concerns if we just omit those dependencies. Would have to look at the suite of reverts that came in via HBASE-16317 to see if any of them would actually affect us in phoenix-landia.

      Attachments

        1. PHOENIX-3659.001.patch
          0.6 kB
          Josh Elser

            People

              elserj Josh Elser
              elserj Josh Elser