The Hadoop common library is required by the Iceberg core library still, primarily for the configuration classes. Hadoop common brings in several transitive dependencies that are not being used that have critical- and high-level security vulnerabilities. These vulnerabilities prevent us from publishing the sink to Confluent Hub.
This PR excludes additional transitive dependencies brought in by Hadoop common to resolve the vulnerabilities.
NOTE: this only impacts the default distribution. When using Hive or HDFS, the hive distribution must be used as it includes the Hadoop and Hive clients. The hive distribution is not meant to be published to Confluent Hub.