Youngwb opened a new issue, #12930:
URL: https://github.com/apache/hudi/issues/12930

   hudi common depends on `hbase-protocol-shaded-2.4.13.jar` and `htrace-core4-4.2.0-incubating.jar`.
   Among them, `hbase-protocol-shaded` also depends on `htrace-core`.
   
![Image](https://github.com/user-attachments/assets/83d244a4-fd44-4f58-bccd-6bfd002b5272)
   The `htrace-core` dependency on `jackson-databind` has many vulnerabilities.
   
   
![Image](https://github.com/user-attachments/assets/998c4f98-57b9-4c3e-93ea-4b159c2545e9)
   
   We want to exclude `jackson-databind` using Maven's `<exclusions>` mechanism. However, these two JAR files are packaged using the Maven Shade Plugin, and there is no direct way to exclude them.
   
   Does the community currently have a way to work around this issue, or is 
there a plan to fix this vulnerability?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@hudi.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
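
Because a shaded JAR carries its dependencies' classes inside the archive, confirming whether `jackson-databind` is bundled means inspecting the JAR itself rather than the declared dependency tree. The following is an added example, not code from the issue or from the Hudi project; the sample JAR, its `example/shaded/` relocation prefix and the version `0.0.0-sample` are constructed, and the `pom.properties` check assumes the shade build did not filter out `META-INF/maven`.

```python
import io
import re
import zipfile

# Class path suffix that identifies jackson-databind even after relocation.
MARKER = "com/fasterxml/jackson/databind/ObjectMapper.class"
# Path Maven writes for each bundled artifact's metadata.
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")


def scan_jar(jar_bytes, group="com.fasterxml.jackson.core", artifact="jackson-databind"):
    """Return evidence that `artifact` is bundled inside the given JAR bytes."""
    found = {"versions": [], "relocated_under": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            m = POM_PROPS.match(name)
            if m and m.groups() == (group, artifact):
                # Embedded metadata survives shading unless explicitly filtered.
                props = jar.read(name).decode("utf-8", "replace")
                for line in props.splitlines():
                    if line.startswith("version="):
                        found["versions"].append(line.split("=", 1)[1].strip())
            elif name.endswith(MARKER):
                # Text before the marker is the relocation prefix ("" = not relocated).
                found["relocated_under"].append(name[: -len(MARKER)])
    return found


def build_sample_jar(with_jackson=True):
    """Constructed sample: a fat JAR, optionally with a relocated jackson-databind."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("example/app/Main.class", b"")
        if with_jackson:
            jar.writestr(
                "META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.properties",
                "groupId=com.fasterxml.jackson.core\n"
                "artifactId=jackson-databind\nversion=0.0.0-sample\n",
            )
            jar.writestr("example/shaded/" + MARKER, b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_jar(build_sample_jar()))
```

A non-empty `relocated_under` with an empty `versions` list means the classes are present but the metadata was stripped, so the bundled version has to be established another way.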
