Hadoop libraries and CVEs

[ahmedriza]

hadoop-common has a lot of transitive dependencies with a number of CVEs: https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common/3.3.5

It doesn't appear that the Hadoop folk are in a hurry to fix these. For example, one really astonishing fact is that hadoop-common continues to use a very, very old version of commons-collections (3.2.2).

Perhaps you can reduce the surface area of the hadoop libs exposed (not sure how feasible this is).

[vkorukanti]

This repo has been deprecated and the code is moved under connectors module in https://github.com/delta-io/delta repository. Please create the issue in repository https://github.com/delta-io/delta. See #556 for details.