This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.14 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 356fe037d6674f38f5b46f6f7733d4e460c80f7e Author: Nicolò Boschi <[email protected]> AuthorDate: Fri Oct 15 02:10:41 2021 +0200 Upgrade httpclient from 4.5.5 to 4.5.13 (#2793) Upgrade httpclient from 4.5.5 to 4.5.13 (on gradle dependencies it was already on 4.5.13) ### Motivation Resolve security vulnerability, see https://github.com/advisories/GHSA-7r82-7xv7-xcpj (cherry picked from commit 04650521b3a91e03cf598a647ecd58df106d081b) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 4 ++-- bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 4 ++-- bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 4 ++-- pom.xml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index 73b6c3a..1100a4f 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -285,8 +285,8 @@ Apache Software License, Version 2. - lib/com.google.errorprone-error_prone_annotations-2.4.0.jar [36] - lib/org.apache.yetus-audience-annotations-0.5.0.jar [37] - lib/org.jctools-jctools-core-2.1.2.jar [38] -- lib/org.apache.httpcomponents-httpclient-4.5.5.jar [39] -- lib/org.apache.httpcomponents-httpcore-4.4.9.jar [40] +- lib/org.apache.httpcomponents-httpclient-4.5.13.jar [39] +- lib/org.apache.httpcomponents-httpcore-4.4.13.jar [40] - lib/org.apache.thrift-libthrift-0.14.2.jar [41] - lib/com.google.android-annotations-4.1.1.4.jar [42] - lib/com.google.http-client-google-http-client-1.34.0.jar [43] diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 4ace15e..5a89cab 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -265,8 +265,8 @@ Apache Software License, Version 2. - lib/com.google.errorprone-error_prone_annotations-2.4.0.jar [35] - lib/org.apache.yetus-audience-annotations-0.5.0.jar [36] - lib/org.jctools-jctools-core-2.1.2.jar [37] -- lib/org.apache.httpcomponents-httpclient-4.5.5.jar [38] -- lib/org.apache.httpcomponents-httpcore-4.4.9.jar [39] +- lib/org.apache.httpcomponents-httpclient-4.5.13.jar [38] +- lib/org.apache.httpcomponents-httpcore-4.4.13.jar [39] - lib/org.apache.thrift-libthrift-0.14.2.jar [40] - lib/com.google.android-annotations-4.1.1.4.jar [41] - lib/com.google.auto.value-auto-value-annotations-1.7.jar [42] diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 126a1b2..e2474f7 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -285,8 +285,8 @@ Apache Software License, Version 2. - lib/com.google.errorprone-error_prone_annotations-2.4.0.jar [36] - lib/org.apache.yetus-audience-annotations-0.5.0.jar [37] - lib/org.jctools-jctools-core-2.1.2.jar [38] -- lib/org.apache.httpcomponents-httpclient-4.5.5.jar [39] -- lib/org.apache.httpcomponents-httpcore-4.4.9.jar [40] +- lib/org.apache.httpcomponents-httpclient-4.5.13.jar [39] +- lib/org.apache.httpcomponents-httpcore-4.4.13.jar [40] - lib/org.apache.thrift-libthrift-0.14.2.jar [41] - lib/com.google.android-annotations-4.1.1.4.jar [42] - lib/com.google.http-client-google-http-client-1.34.0.jar [43] diff --git a/pom.xml b/pom.xml index 003c31e..de52ae6 100644 --- a/pom.xml +++ b/pom.xml @@ -153,7 +153,7 @@ <powermock.version>2.0.2</powermock.version> <prometheus.version>0.8.1</prometheus.version> <datasketches.version>0.8.3</datasketches.version> - <httpclient.version>4.5.5</httpclient.version> + <httpclient.version>4.5.13</httpclient.version> <protobuf.version>3.14.0</protobuf.version> <protoc3.version>3.14.0</protoc3.version> <protoc-gen-grpc-java.version>${grpc.version}</protoc-gen-grpc-java.version>
