Details
- Improvement
- Status: Resolved
- Normal
- Resolution: Fixed
- Operability
- Normal
- All
- Security
Description
Apache Cassandra depends on Maven Ant Tasks (MAT) during build, for declaring dependencies and generating POM files from within build.xml. MAT has long been retired (no commits since maintenance in 2015), has registered CVEs in dependencies (CVE-2017-1000487), and encourages migration to its successor, Maven Artifact Resolver Ant Tasks (MARAT).
As part of CASSANDRA-16391 <https://issues.apache.org/jira/browse/CASSANDRA-16391>, mck migrated dependency resolution to MARAT, but MAT is still included in our build for generating POMs since MARAT does not have an alternative to the writepom task provided by MAT. I have a patch ready that removes MAT completely, with a workaround for POM generation.
I am not advocating for any kind of migration away from Ant to an alternative like Gradle or Maven, just to be extra clear.
Issue Links
- causes: CASSANDRA-17946 Upgrade back Mockito to 4.7.0 after CASSANDRA-17750 (Resolved)
- relates to: CASSANDRA-18799 Update org.caffinitas.ohc:ohc-core dependency and remove org.caffinitas.ohc:ohc-core-j8 (Changes Suggested)
- links to