We do not want Ranger in the platform, and the extension has multiple critical vulnerabilities:
CVE-2019-10202
CVE-2019-17571
CVE-2022-23305
CVE-2022-23307
one way to exclude ranger is to remove the <module>extensions-core/druid-ranger-security</module> definition line from the pom.xml before building from source.
blocked - requires build from source to be done first
Once implemented, mark the CVEs as resolved in SecObserve
We do not want Ranger in the platform, and the extension has multiple critical vulnerabilities:
one way to exclude ranger is to remove the
<module>extensions-core/druid-ranger-security</module>
definition line from thepom.xml
before building from source.blocked - requires build from source to be done first
Once implemented, mark the CVEs as resolved in SecObserve