We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to Pac4j v6, Java 17 and Nimbus version on Druid.
Currently there is a high CVE vulnerability on Nimbus that requires a update to Pac4j and an upgrade to Java as noticed on #16986 . On our end we have updated to use Java 17 and when trying to update our Pac4j version from v4 to v6, we noticed that our build breaks because of some classes that we are implementing on the druid side (such as https://github.com/apache/druid/blob/30.0.0/server/src/main/java/org/apache/druid/server/security/Authenticator.java#L29 ) which is using javax while the new pac4j versions require jakarta. Javax is no longer supported: https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api . There are a couple other failures related to this which are breaking for us.
There was a attempt done looks like on the druid side which had to be reverted : #16986
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Description
Update to Pac4j v6, Java 17 and Nimbus version on Druid.
Motivation
Currently there is a high CVE vulnerability on Nimbus that requires a update to Pac4j and an upgrade to Java as noticed on #16986 . On our end we have updated to use Java 17 and when trying to update our Pac4j version from v4 to v6, we noticed that our build breaks because of some classes that we are implementing on the druid side (such as https://github.com/apache/druid/blob/30.0.0/server/src/main/java/org/apache/druid/server/security/Authenticator.java#L29 ) which is using javax while the new pac4j versions require jakarta. Javax is no longer supported: https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api . There are a couple other failures related to this which are breaking for us.
There was a attempt done looks like on the druid side which had to be reverted : #16986
The text was updated successfully, but these errors were encountered: