zhaoyuanTian123 opened a new issue, #25393: URL: https://github.com/apache/pulsar/issues/25393
The pulsar-client 3.3.2 depends on a shaded version of org.asynchttpclient:async-http-client 2.12.1, which is affected by the critical CVE GHSA-mfj5-cf8g-g2fv. Expected behavior: pulsar-client should not include dependencies with critical/high CVEs. Current behavior: Critical CVE is detected in the pulsar-client dependency tree -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
