Hintic opened a new issue, #849: URL: https://github.com/apache/rocketmq-clients/issues/849
### Before Creating the Bug Report - [X] I found a bug, not just asking a question, which should be created in [GitHub Discussions](https://github.com/apache/rocketmq-clients/discussions). - [X] I have searched the [GitHub Issues](https://github.com/apache/rocketmq-clients/issues) and [GitHub Discussions](https://github.com/apache/rocketmq-clients/discussions) of this repository and believe that this is not a duplicate. - [X] I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ. ### Programming Language of the Client Java ### Runtime Platform Environment Linux ### RocketMQ Version of the Client/Server rocketmq-acl: 4.9.6; rocketmq-client 4.9.6 ### Run or Compiler Version _No response_ ### Describe the Bug Rocket-acl java client introduced fastjson, vulnerability number: CNVD-2022-40233 1. We upgraded acl and found that fastjson was removed after version 5.3.0, but rocketmq-client in version 5.3.0 introduced fastjson in common 2. We now remove it through exclusion in maven, and would like to consult whether it will affect the overall function ### Steps to Reproduce null ### What Did You Expect to See? null ### What Did You See Instead? null ### Additional Context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@rocketmq.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
