This is an automated email from the ASF dual-hosted git repository. liudongkai pushed a commit to branch 3.0.0-beta-2-prepare in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
commit ab7a84320181102e276a6725fd84e44af9c2416a Author: PJ Fanning <[email protected]> AuthorDate: Fri Jun 3 10:17:52 2022 +0100 issues-10354: upgrade commons-io to fix CVE (#10355) (cherry picked from commit b6350280e66f604968e249919dc4a13a04eecee4) --- dolphinscheduler-dist/release-docs/LICENSE | 4 ++-- pom.xml | 4 ++-- tools/dependencies/known-dependencies.txt | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dolphinscheduler-dist/release-docs/LICENSE b/dolphinscheduler-dist/release-docs/LICENSE index 0ef564565e..0dd740217a 100644 --- a/dolphinscheduler-dist/release-docs/LICENSE +++ b/dolphinscheduler-dist/release-docs/LICENSE @@ -238,7 +238,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt. commons-dbcp 1.4: https://github.com/apache/commons-dbcp, Apache 2.0 commons-email 1.5: https://github.com/apache/commons-email, Apache 2.0 commons-httpclient 3.0.1: https://mvnrepository.com/artifact/commons-httpclient/commons-httpclient/3.0.1, Apache 2.0 - commons-io 2.4: https://github.com/apache/commons-io, Apache 2.0 + commons-io 2.11.0: https://github.com/apache/commons-io, Apache 2.0 commons-lang 2.6: https://github.com/apache/commons-lang, Apache 2.0 commons-logging 1.1.1: https://github.com/apache/commons-logging, Apache 2.0 commons-math3 3.1.1: https://mvnrepository.com/artifact/org.apache.commons/commons-math3/3.1.1, Apache 2.0 @@ -286,7 +286,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt. hive-storage-api 2.1.0: https://mvnrepository.com/artifact/org.apache.hive/hive-storage-api/2.1.0, Apache 2.0 htrace-core 3.1.0-incubating: https://mvnrepository.com/artifact/org.apache.htrace/htrace-core/3.1.0-incubating, Apache 2.0 httpclient 4.5.13: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13, Apache 2.0 - httpcore 4.4.1: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.1, Apache 2.0 + httpcore 4.4.15: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.15, Apache 2.0 httpmime 4.5.13: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpmime/4.5.13, Apache 2.0 jackson-annotations 2.10.5: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.10.5, Apache 2.0 jackson-core 2.10.5: https://github.com/FasterXML/jackson-core, Apache 2.0 diff --git a/pom.xml b/pom.xml index d370d57fa4..ada4533989 100644 --- a/pom.xml +++ b/pom.xml @@ -67,7 +67,7 @@ <commons.codec.version>1.11</commons.codec.version> <commons.logging.version>1.1.1</commons.logging.version> <httpclient.version>4.5.13</httpclient.version> - <httpcore.version>4.4.1</httpcore.version> + <httpcore.version>4.4.15</httpcore.version> <junit.version>4.12</junit.version> <mysql.connector.version>8.0.16</mysql.connector.version> <slf4j.api.version>1.7.5</slf4j.api.version> @@ -84,7 +84,7 @@ <guava.version>24.1-jre</guava.version> <postgresql.version>42.3.4</postgresql.version> <hive.jdbc.version>2.1.0</hive.jdbc.version> - <commons.io.version>2.4</commons.io.version> + <commons.io.version>2.11.0</commons.io.version> <oshi.core.version>6.1.1</oshi.core.version> <clickhouse.jdbc.version>0.1.52</clickhouse.jdbc.version> <mssql.jdbc.version>6.1.0.jre8</mssql.jdbc.version> diff --git a/tools/dependencies/known-dependencies.txt b/tools/dependencies/known-dependencies.txt index 65a370772a..b89bc00d84 100755 --- a/tools/dependencies/known-dependencies.txt +++ b/tools/dependencies/known-dependencies.txt @@ -33,7 +33,7 @@ commons-daemon-1.0.13.jar commons-beanutils-1.9.4.jar commons-dbcp-1.4.jar commons-httpclient-3.0.1.jar -commons-io-2.4.jar +commons-io-2.11.0.jar commons-lang-2.6.jar commons-logging-1.1.1.jar commons-math3-3.1.1.jar @@ -85,7 +85,7 @@ hive-service-rpc-2.1.0.jar hive-storage-api-2.1.0.jar htrace-core-3.1.0-incubating.jar httpclient-4.5.13.jar -httpcore-4.4.1.jar +httpcore-4.4.15.jar httpmime-4.5.13.jar j2objc-annotations-1.1.jar jackson-annotations-2.10.5.jar
