Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
Impala 2.7.0
-
None
Description
Our FE pom.xml includes a couple of dependencies that I don't think are needed, and that are pinned to specific versions that might be susceptible to vulnerabilities now or in the future:
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.derby</groupId> <artifactId>derby</artifactId> <version>10.4.2.0</version> </dependency>