Building from source now fails due to a newly updated CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-11765, so I'm canceling RC1 and will make RC2 once this is fixed.
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:check (default) on project druid-kerberos: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': [ERROR] [ERROR] hadoop-auth-2.8.5.jar: CVE-2018-11765 [ERROR] [ERROR] See the dependency-check report for more details. [ERROR] [ERROR] [ERROR] -> [Help 1] [ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:check (default) on project ambari-metrics-emitter: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': [ERROR] [ERROR] hadoop-annotations-2.8.5.jar: CVE-2018-11765 [ERROR] [ERROR] See the dependency-check report for more details. [ERROR]
