Vladimir Sitnikov created CASSANDRA-20994:
---------------------------------------------
Summary: Drop commons-lang3 dependency
Key: CASSANDRA-20994
URL: https://issues.apache.org/jira/browse/CASSANDRA-20994
Project: Apache Cassandra
Issue Type: Improvement
Reporter: Vladimir Sitnikov
Currently Cassandra uses only a few classes from commons-lang3, and it would
probably be worth dropping the dependency for the following reasons:
1) Better security. {{commons-*}} follows "all features in a single jar"
pattern, so a CVE in one of the classes would impact Cassandra
2) Fewer bytes to ship with binary distribution. `commons-lang3` is ~650K
I have raised a suggestion to make {{commons-lang3}} modular and extract
modules like {{commons-stringutils}}, {{commons-arrayutils}}, however, Commons
team does not seem to like the idea.
Commons PMC members often suggest that users should clone the code or shade
commons-lang, see
https://lists.apache.org/thread/xzdhv57o9rnxtzn5fqbtkzj0hdkbm339
So I wonder what do you think of dropping commons-lang3 and replacing it with
core Java?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
