This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.14 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 911c2e9f51301a9c87689b12065ef259b0655bf0 Author: Raúl Gracia <[email protected]> AuthorDate: Wed Oct 13 17:51:57 2021 +0200 Upgraded dependencies with CVEs (#2792) (cherry picked from commit 354cf37c919d756a47691cc710a6e8d2f1933f2b) --- bookkeeper-dist/all/build.gradle | 2 +- bookkeeper-dist/bkctl/build.gradle | 2 +- bookkeeper-dist/server/build.gradle | 2 +- bookkeeper-dist/src/assemble/bin-all.xml | 2 +- bookkeeper-dist/src/assemble/bin-server.xml | 2 +- bookkeeper-dist/src/assemble/bkctl.xml | 2 +- .../src/main/resources/LICENSE-all.bin.txt | 25 +++++++++++----------- .../src/main/resources/LICENSE-bkctl.bin.txt | 10 ++++----- .../src/main/resources/LICENSE-server.bin.txt | 25 +++++++++++----------- .../src/main/resources/NOTICE-all.bin.txt | 15 +++++++------ .../src/main/resources/NOTICE-server.bin.txt | 15 +++++++------ .../{slf4j-1.7.25 => slf4j-1.7.32}/LICENSE.txt | 0 dependencies.gradle | 8 +++---- pom.xml | 6 +++--- 14 files changed, 60 insertions(+), 56 deletions(-) diff --git a/bookkeeper-dist/all/build.gradle b/bookkeeper-dist/all/build.gradle index 9252105..54f44d3 100644 --- a/bookkeeper-dist/all/build.gradle +++ b/bookkeeper-dist/all/build.gradle @@ -71,7 +71,7 @@ def depLicences = [ "scala-library-2.11.7/LICENSE.md", "scala-parser-combinators_2.11-1.0.4/LICENSE.md", "scala-reflect-2.11.8/LICENSE.md", - "slf4j-1.7.25/LICENSE.txt", + "slf4j-1.7.32/LICENSE.txt", ] distributions { diff --git a/bookkeeper-dist/bkctl/build.gradle b/bookkeeper-dist/bkctl/build.gradle index 23605ca..d31e3de 100644 --- a/bookkeeper-dist/bkctl/build.gradle +++ b/bookkeeper-dist/bkctl/build.gradle @@ -40,7 +40,7 @@ def depLicences = [ "bouncycastle-1.0.2/LICENSE.html", "protobuf-3.14.0/LICENSE", "protobuf-3.12.0/LICENSE", - "slf4j-1.7.25/LICENSE.txt", + "slf4j-1.7.32/LICENSE.txt", ] distributions { diff --git a/bookkeeper-dist/server/build.gradle b/bookkeeper-dist/server/build.gradle index 6b32e3d..ccdbb7f 100644 --- a/bookkeeper-dist/server/build.gradle 
+++ b/bookkeeper-dist/server/build.gradle @@ -64,7 +64,7 @@ def depLicences = [ "bouncycastle-1.0.2/LICENSE.html", "protobuf-3.14.0/LICENSE", "protobuf-3.12.0/LICENSE", - "slf4j-1.7.25/LICENSE.txt", + "slf4j-1.7.32/LICENSE.txt", ] distributions { main { diff --git a/bookkeeper-dist/src/assemble/bin-all.xml b/bookkeeper-dist/src/assemble/bin-all.xml index af03d6d..24a242f 100644 --- a/bookkeeper-dist/src/assemble/bin-all.xml +++ b/bookkeeper-dist/src/assemble/bin-all.xml @@ -66,7 +66,7 @@ <include>scala-library-2.11.7/LICENSE.md</include> <include>scala-parser-combinators_2.11-1.0.4/LICENSE.md</include> <include>scala-reflect-2.11.8/LICENSE.md</include> - <include>slf4j-1.7.25/LICENSE.txt</include> + <include>slf4j-1.7.32/LICENSE.txt</include> </includes> <fileMode>644</fileMode> </fileSet> diff --git a/bookkeeper-dist/src/assemble/bin-server.xml b/bookkeeper-dist/src/assemble/bin-server.xml index 3e39afb..7157f39 100644 --- a/bookkeeper-dist/src/assemble/bin-server.xml +++ b/bookkeeper-dist/src/assemble/bin-server.xml @@ -56,7 +56,7 @@ <include>bouncycastle-1.0.2/LICENSE.html</include> <include>protobuf-3.14.0/LICENSE</include> <include>protobuf-3.12.0/LICENSE</include> - <include>slf4j-1.7.25/LICENSE.txt</include> + <include>slf4j-1.7.32/LICENSE.txt</include> </includes> <fileMode>644</fileMode> </fileSet> diff --git a/bookkeeper-dist/src/assemble/bkctl.xml b/bookkeeper-dist/src/assemble/bkctl.xml index 5e67dd3..73fffc5 100644 --- a/bookkeeper-dist/src/assemble/bkctl.xml +++ b/bookkeeper-dist/src/assemble/bkctl.xml @@ -70,7 +70,7 @@ <include>bouncycastle-1.0.2/LICENSE.html</include> <include>protobuf-3.14.0/LICENSE</include> <include>protobuf-3.12.0/LICENSE</include> - <include>slf4j-1.7.25/LICENSE.txt</include> + <include>slf4j-1.7.32/LICENSE.txt</include> </includes> <fileMode>644</fileMode> </fileSet> diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index 1100a4f..104bd44 100644 
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -214,7 +214,7 @@ Apache Software License, Version 2. - lib/commons-cli-commons-cli-1.2.jar [5] - lib/commons-codec-commons-codec-1.6.jar [6] - lib/commons-configuration-commons-configuration-1.10.jar [7] -- lib/commons-io-commons-io-2.4.jar [8] +- lib/commons-io-commons-io-2.7.jar [8] - lib/commons-lang-commons-lang-2.6.jar [9] - lib/commons-logging-commons-logging-1.1.1.jar [10] - lib/io.netty-netty-buffer-4.1.63.Final.jar [11] @@ -248,12 +248,13 @@ Apache Software License, Version 2. - lib/org.apache.zookeeper-zookeeper-3.6.2.jar [21] - lib/org.apache.zookeeper-zookeeper-jute-3.6.2.jar [21] - lib/org.apache.zookeeper-zookeeper-3.6.2-tests.jar [21] -- lib/org.eclipse.jetty-jetty-http-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-io-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-security-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-server-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-servlet-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar [22] +- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar [22] - lib/org.rocksdb-rocksdbjni-6.16.4.jar [23] - lib/com.beust-jcommander-1.78.jar [24] - lib/com.yahoo.datasketches-memory-0.8.3.jar [25] 
@@ -322,7 +323,7 @@ Apache Software License, Version 2. [19] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=tag;h=a3a5ad [20] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-lang.git;a=shortlog;h=refs/tags/LANG_3_6 [21] Source available at https://github.com/apache/zookeeper/tree/release-3.6.2 -[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.33.v20201020 +[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.43.v20210629 [23] Source available at https://github.com/facebook/rocksdb/tree/v6.16.4 [24] Source available at https://github.com/cbeust/jcommander/tree/1.78 [25] Source available at https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3 @@ -634,12 +635,12 @@ Bundled as lib/javax.servlet-javax.servlet-api-4.0.0.jar Source available at https://github.com/javaee/servlet-spec/tree/4.0.0 ------------------------------------------------------------------------------------ This product bundles Simple Logging Facade for Java, which is available under a -MIT license. For details, see deps/slf4j-1.7.25/LICENSE.txt. +MIT license. For details, see deps/slf4j-1.7.32/LICENSE.txt. Bundled as - - lib/org.slf4j-slf4j-api-1.7.25.jar - - lib/org.slf4j-slf4j-log4j12-1.7.25.jar -Source available at https://github.com/qos-ch/slf4j/tree/v_1.7.25 + - lib/org.slf4j-slf4j-api-1.7.32.jar + - lib/org.slf4j-slf4j-log4j12-1.7.32.jar +Source available at https://github.com/qos-ch/slf4j/tree/v_1.7.32 ------------------------------------------------------------------------------------ This product bundles the Google Auth Library, which is available under a "3-clause BSD" license. For details, see deps/google-auth-library-credentials-0.20.0/LICENSE diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 5a89cab..7189cc0 100644 
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -214,7 +214,7 @@ Apache Software License, Version 2. - lib/commons-cli-commons-cli-1.2.jar [5] - lib/commons-codec-commons-codec-1.6.jar [6] - lib/commons-configuration-commons-configuration-1.10.jar [7] -- lib/commons-io-commons-io-2.4.jar [8] +- lib/commons-io-commons-io-2.7.jar [8] - lib/commons-lang-commons-lang-2.6.jar [9] - lib/commons-logging-commons-logging-1.1.1.jar [10] - lib/io.netty-netty-buffer-4.1.63.Final.jar [11] @@ -561,12 +561,12 @@ Source available at https://github.com/protocolbuffers/protobuf/tree/v3.12.0 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles Simple Logging Facade for Java, which is available under a -MIT license. For details, see deps/slf4j-1.7.25/LICENSE.txt. +MIT license. For details, see deps/slf4j-1.7.32/LICENSE.txt. Bundled as - - lib/org.slf4j-slf4j-api-1.7.25.jar - - lib/org.slf4j-slf4j-log4j12-1.7.25.jar -Source available at https://github.com/qos-ch/slf4j/tree/v_1.7.25 + - lib/org.slf4j-slf4j-api-1.7.32.jar + - lib/org.slf4j-slf4j-log4j12-1.7.32.jar +Source available at https://github.com/qos-ch/slf4j/tree/v_1.7.32 ------------------------------------------------------------------------------------ This product bundles the Google Auth Library, which is available under a "3-clause BSD" license. For details, see deps/google-auth-library-credentials-0.20.0/LICENSE diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index e2474f7..290d937 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt 
@@ -214,7 +214,7 @@ Apache Software License, Version 2. - lib/commons-cli-commons-cli-1.2.jar [5] - lib/commons-codec-commons-codec-1.6.jar [6] - lib/commons-configuration-commons-configuration-1.10.jar [7] -- lib/commons-io-commons-io-2.4.jar [8] +- lib/commons-io-commons-io-2.7.jar [8] - lib/commons-lang-commons-lang-2.6.jar [9] - lib/commons-logging-commons-logging-1.1.1.jar [10] - lib/io.netty-netty-buffer-4.1.63.Final.jar [11] @@ -248,12 +248,13 @@ Apache Software License, Version 2. - lib/org.apache.zookeeper-zookeeper-3.6.2.jar [21] - lib/org.apache.zookeeper-zookeeper-jute-3.6.2.jar [21] - lib/org.apache.zookeeper-zookeeper-3.6.2-tests.jar [21] -- lib/org.eclipse.jetty-jetty-http-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-io-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-security-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-server-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-servlet-9.4.33.v20201020.jar [22] -- lib/org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar [22] +- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar [22] +- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar [22] - lib/org.rocksdb-rocksdbjni-6.16.4.jar [23] - lib/com.beust-jcommander-1.78.jar [24] - lib/com.yahoo.datasketches-memory-0.8.3.jar [25] 
@@ -320,7 +321,7 @@ Apache Software License, Version 2. [19] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=tag;h=a3a5ad [20] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-lang.git;a=shortlog;h=refs/tags/LANG_3_6 [21] Source available at https://github.com/apache/zookeeper/tree/release-3.6.2 -[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.33.v20201020 +[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.43.v20210629 [23] Source available at https://github.com/facebook/rocksdb/tree/v6.16.4 [24] Source available at https://github.com/cbeust/jcommander/tree/1.78 [25] Source available at https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3 @@ -626,12 +627,12 @@ Bundled as lib/javax.servlet-javax.servlet-api-4.0.0.jar Source available at https://github.com/javaee/servlet-spec/tree/4.0.0 ------------------------------------------------------------------------------------ This product bundles Simple Logging Facade for Java, which is available under a -MIT license. For details, see deps/slf4j-1.7.25/LICENSE.txt. +MIT license. For details, see deps/slf4j-1.7.32/LICENSE.txt. Bundled as - - lib/org.slf4j-slf4j-api-1.7.25.jar - - lib/org.slf4j-slf4j-log4j12-1.7.25.jar -Source available at https://github.com/qos-ch/slf4j/tree/v_1.7.25 + - lib/org.slf4j-slf4j-api-1.7.32.jar + - lib/org.slf4j-slf4j-log4j12-1.7.32.jar +Source available at https://github.com/qos-ch/slf4j/tree/v_1.7.32 ------------------------------------------------------------------------------------ This product bundles the Google Auth Library, which is available under a "3-clause BSD" license. For details, see deps/google-auth-library-credentials-0.20.0/LICENSE diff --git a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt index cefcd83..043c371 100644 --- a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt 
+++ b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt @@ -78,12 +78,13 @@ SoundCloud Ltd. (http://soundcloud.com/). This product includes software developed as part of the Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/). ------------------------------------------------------------------------------------ -- lib/org.eclipse.jetty-jetty-http-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-io-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-security-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-server-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-servlet-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar +- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629jar +- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar ============================================================== Jetty Web Container @@ -105,7 +106,7 @@ Jetty is dual licensed under both Jetty may be distributed under either license. -lib/org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar bundles UnixCrypt +lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar bundles UnixCrypt The UnixCrypt.java code implements the one way cryptography used by Unix systems for simple password protection. Copyright 1996 Aki Yoshida, diff --git a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt index 962bd11..0ede3b7 100644 --- a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt 
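Review bot: In the first NOTICE-all.bin.txt hunk the added jetty-security entry reads `lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629jar`, with the dot before `jar` missing; it should be `- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar`. The corresponding line in NOTICE-server.bin.txt has the dot, so only this file is affected. If release tooling compares NOTICE entries against the bundled jar names, this entry will not match the shipped file.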
@@ -61,12 +61,13 @@ SoundCloud Ltd. (http://soundcloud.com/). This product includes software developed as part of the Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/). ------------------------------------------------------------------------------------ -- lib/org.eclipse.jetty-jetty-http-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-io-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-security-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-server-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-servlet-9.4.33.v20201020.jar -- lib/org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar +- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar +- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar ============================================================== Jetty Web Container @@ -88,7 +89,7 @@ Jetty is dual licensed under both Jetty may be distributed under either license. -lib/org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar bundles UnixCrypt +lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar bundles UnixCrypt The UnixCrypt.java code implements the one way cryptography used by Unix systems for simple password protection. Copyright 1996 Aki Yoshida, diff --git a/bookkeeper-dist/src/main/resources/deps/slf4j-1.7.25/LICENSE.txt b/bookkeeper-dist/src/main/resources/deps/slf4j-1.7.32/LICENSE.txt similarity index 100% rename from bookkeeper-dist/src/main/resources/deps/slf4j-1.7.25/LICENSE.txt rename to bookkeeper-dist/src/main/resources/deps/slf4j-1.7.32/LICENSE.txt diff --git a/dependencies.gradle b/dependencies.gradle index b0861df..1e12e79 100644 --- a/dependencies.gradle +++ b/dependencies.gradle 
@@ -25,13 +25,13 @@ depVersions = [
 arquillianCubeDocker: "1.18.2",
 arquillianJunit: "1.6.0.Final",
 bcFips: "1.0.2",
- bouncycastle: "1.56",
+ bouncycastle: "1.69",
 commonsCli: "1.4",
 commonsCodec: "1.14",
 commonsCollections4: "4.1",
 commonsCompress: "1.19",
 commonsConfiguration: "1.10",
- commonsIO: "2.4",
+ commonsIO: "2.7",
 commonsLang2: "2.6",
 commonsLang3: "3.6",
 commonsBeanutils: "1.9.3",
@@ -50,7 +50,7 @@ depVersions = [
 jackson: "2.11.1",
 jcommander: "1.78",
 jctools: "2.1.2",
- jetty: "9.4.31.v20200723",
+ jetty: "9.4.43.v20210629",
 jmh: "1.19",
 jmock: "2.8.2",
 jna: "3.2.7",
@@ -58,7 +58,7 @@ depVersions = [
 junit: "4.12",
 junitFoundation: "11.0.0",
 kerby: "1.1.1",
- log4j: "1.2.17",
+ log4j: "1.2.27",
 lombok: "1.18.20",
 lz4: "1.3.0",
 mockito: "3.0.0",
diff --git a/pom.xml b/pom.xml
index de52ae6..a1cd50f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -122,7 +122,7 @@
 <commons-compress.version>1.19</commons-compress.version>
 <commons-lang.version>2.6</commons-lang.version>
 <commons-lang3.version>3.6</commons-lang3.version>
- <commons-io.version>2.4</commons-io.version>
+ <commons-io.version>2.7</commons-io.version>
 <bouncycastle.version>1.0.2</bouncycastle.version>
 <curator.version>5.1.0</curator.version>
 <dropwizard.version>3.2.5</dropwizard.version>
@@ -138,7 +138,7 @@
 <hdrhistogram.version>2.1.10</hdrhistogram.version>
 <jackson.version>2.11.0</jackson.version>
 <jcommander.version>1.78</jcommander.version>
- <jetty.version>9.4.33.v20201020</jetty.version>
+ <jetty.version>9.4.43.v20210629</jetty.version>
 <jmh.version>1.19</jmh.version>
 <jmock.version>2.8.2</jmock.version>
 <jna.version>3.2.7</jna.version>
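Review bot: `log4j: "1.2.27"` in the third dependencies.gradle hunk (`@@ -58,7 +58,7 @@`) does not look like a published log4j 1.x version; as far as I know the 1.2 line ended at 1.2.17, so this bump would either fail to resolve or resolve to something other than the upstream Apache release. The pom.xml hunks in this commit leave log4j untouched, so the Gradle and Maven builds would also disagree on it. I would restore `log4j: "1.2.17",` here and address the log4j 1.x CVEs through a separate change rather than a version number. Separately, this file gets no slf4j change while pom.xml moves to 1.7.32 and the LICENSE files list the 1.7.32 jars; the slf4j entry is outside the visible hunks, so confirm it already matches.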
@@ -160,7 +160,7 @@
 <reflections.version>0.9.11</reflections.version>
 <rocksdb.version>6.16.4</rocksdb.version>
 <shrinkwrap.version>3.0.1</shrinkwrap.version>
- <slf4j.version>1.7.25</slf4j.version>
+ <slf4j.version>1.7.32</slf4j.version>
 <snakeyaml.version>1.19</snakeyaml.version>
 <spotbugs-annotations.version>3.1.8</spotbugs-annotations.version>
 <javax-annotations-api.version>1.3.2</javax-annotations-api.version>
