Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Pac4j v6 and Nimbus in Druid #17379

Open
bios6 opened this issue Oct 18, 2024 · 0 comments
Open

Update Pac4j v6 and Nimbus in Druid #17379

bios6 opened this issue Oct 18, 2024 · 0 comments
Labels
Feature/Change Description

Comments

@bios6
Copy link

bios6 commented Oct 18, 2024

Description

Update to Pac4j v6, Java 17 and Nimbus version on Druid.

Motivation

Currently there is a high CVE vulnerability on Nimbus that requires a update to Pac4j and an upgrade to Java as noticed on #16986 . On our end we have updated to use Java 17 and when trying to update our Pac4j version from v4 to v6, we noticed that our build breaks because of some classes that we are implementing on the druid side (such as https://github.com/apache/druid/blob/30.0.0/server/src/main/java/org/apache/druid/server/security/Authenticator.java#L29 ) which is using javax while the new pac4j versions require jakarta. Javax is no longer supported: https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api . There are a couple other failures related to this which are breaking for us.

There was a attempt done looks like on the druid side which had to be reverted : #16986
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature/Change Description
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bios6