Update Pac4j v6 and Nimbus in Druid #17379

Open
bios6 opened this issue Oct 18, 2024 · 0 comments

bios6 commented Oct 18, 2024

Description

Update to Pac4j v6, Java 17 and Nimbus version on Druid.

Motivation

Currently there is a high CVE vulnerability on Nimbus that requires an update to Pac4j and an upgrade to Java, as noticed on #16986. On our end we have updated to use Java 17, and when trying to update our Pac4j version from v4 to v6, we noticed that our build breaks because of some classes that we are implementing on the Druid side (such as https://github.com/apache/druid/blob/30.0.0/server/src/main/java/org/apache/druid/server/security/Authenticator.java#L29 ) which are using javax while the new pac4j versions require jakarta. Javax is no longer supported: https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api . There are a couple of other failures related to this which are breaking for us.

It looks like there was an attempt on the Druid side which had to be reverted: #16986
