This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.15 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 18a9ec5ce2a84a2ac430c54a1f659018bca25734 Author: Lari Hotari <[email protected]> AuthorDate: Tue Jun 20 04:11:30 2023 +0300 Upgrade snappy-java to address multiple CVEs (#3993) Address multiple CVEs: CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 (cherry picked from commit 5ca8d83aedf3f300c029eda3ec0f64bbffbbee8d)
---
 bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 4 ++--
 bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 4 ++--
 bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 4 ++--
 pom.xml | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index eb20d7436a..ad5aa42b1e 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -311,7 +311,7 @@ Apache Software License, Version 2.
 - lib/io.dropwizard.metrics-metrics-jvm-4.1.12.1.jar [47]
 - lib/io.perfmark-perfmark-api-0.25.0.jar [48]
 - lib/org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar [49]
-- lib/org.xerial.snappy-snappy-java-1.1.7.7.jar [50]
+- lib/org.xerial.snappy-snappy-java-1.1.10.1.jar [50]
 - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51]
 - lib/org.hdrhistogram-HdrHistogram-2.1.10.jar [52]
@@ -361,7 +361,7 @@ Apache Software License, Version 2.
 [47] Source available at https://github.com/dropwizard/metrics/releases/tag/v4.1.12.1
 [48] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.26.0
 [49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.2
-[50] Source available at https://github.com/google/snappy/releases/tag/1.1.7.7
+[50] Source available at https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
 [51] Source available at https://github.com/ReactiveX/RxJava/tree/v3.0.1
 [52] Source available at https://github.com/HdrHistogram/HdrHistogram/tree/HdrHistogram-2.1.10
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 9f1e72500e..172e714efd 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -287,7 +287,7 @@ Apache Software License, Version 2.
 - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [46]
 - lib/io.perfmark-perfmark-api-0.25.0.jar [47]
 - lib/org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar [49]
-- lib/org.xerial.snappy-snappy-java-1.1.7.7.jar [50]
+- lib/org.xerial.snappy-snappy-java-1.1.10.1.jar [50]
 - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51]
 [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
@@ -328,7 +328,7 @@ Apache Software License, Version 2.
 [46] Source available at https://github.com/dropwizard/metrics/releases/tag/v4.1.12.1
 [47] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.26.0
 [49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.2
-[50] Source available at https://github.com/google/snappy/releases/tag/1.1.7.7
+[50] Source available at https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
 [51] Source available at https://github.com/ReactiveX/RxJava/tree/v3.0.1
 ------------------------------------------------------------------------------------
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 764b5790af..00eaaf512a 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -308,7 +308,7 @@ Apache Software License, Version 2.
 - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47]
 - lib/io.perfmark-perfmark-api-0.25.0.jar [48]
 - lib/org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar [49]
-- lib/org.xerial.snappy-snappy-java-1.1.7.7.jar [50]
+- lib/org.xerial.snappy-snappy-java-1.1.10.1.jar [50]
 - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51]
 [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
@@ -357,7 +357,7 @@ Apache Software License, Version 2.
 [47] Source available at https://github.com/dropwizard/metrics/releases/tag/v4.1.12.1
 [48] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.26.0
 [49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.2
-[50] Source available at https://github.com/google/snappy/releases/tag/1.1.7.7
+[50] Source available at https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
 [51] Source available at https://github.com/ReactiveX/RxJava/tree/v3.0.1
 ------------------------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 82313c0342..650d27f8f4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,7 +177,7 @@
 <testcontainers.version>1.15.1</testcontainers.version>
 <vertx.version>3.9.8</vertx.version>
 <zookeeper.version>3.8.0</zookeeper.version>
-<snappy.version>1.1.7.7</snappy.version>
+<snappy.version>1.1.10.1</snappy.version>
 <jctools.version>2.1.2</jctools.version>
 <!-- plugin dependencies -->
 <apache-rat-plugin.version>0.12</apache-rat-plugin.version>
