This is an automated email from the ASF dual-hosted git repository. liudongkai pushed a commit to branch 3.0.0-beta-2-prepare in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
commit 67f6c003f724632619ff0c98341b111ca80eca1a Author: PJ Fanning <[email protected]> AuthorDate: Fri Jun 3 12:21:40 2022 +0100 issue-10356: upgrade logback to fix cve (#10357) (cherry picked from commit d044e0479deb88c694973d0e0c51d8b7cbcfac06) --- dolphinscheduler-dist/release-docs/LICENSE | 4 ++-- pom.xml | 2 +- tools/dependencies/known-dependencies.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dolphinscheduler-dist/release-docs/LICENSE b/dolphinscheduler-dist/release-docs/LICENSE index 0dd740217a..ff489f4c7e 100644 --- a/dolphinscheduler-dist/release-docs/LICENSE +++ b/dolphinscheduler-dist/release-docs/LICENSE @@ -506,8 +506,8 @@ EPL licenses The following components are provided under the EPL License. See project link for details. The text of each license is also included at licenses/LICENSE-[project].txt. aspectjweaver 1.9.7:https://mvnrepository.com/artifact/org.aspectj/aspectjweaver/1.9.7, EPL 1.0 - logback-classic 1.2.3: https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.3, EPL 1.0 and LGPL 2.1 - logback-core 1.2.3: https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3, EPL 1.0 and LGPL 2.1 + logback-classic 1.2.11: https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.11, EPL 1.0 and LGPL 2.1 + logback-core 1.2.11: https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.11, EPL 1.0 and LGPL 2.1 h2-1.4.200 https://github.com/h2database/h2database/blob/master/LICENSE.txt, MPL 2.0 or EPL 1.0 ======================================================================== diff --git a/pom.xml b/pom.xml index ada4533989..c0ef327c74 100644 --- a/pom.xml +++ b/pom.xml @@ -55,7 +55,7 @@ <spring.version>5.3.12</spring.version> <spring.boot.version>2.5.6</spring.boot.version> <java.version>1.8</java.version> - <logback.version>1.2.3</logback.version> + <logback.version>1.2.11</logback.version> <hadoop.version>2.7.3</hadoop.version> <quartz.version>2.3.2</quartz.version> <jackson.version>2.10.5</jackson.version> diff --git a/tools/dependencies/known-dependencies.txt b/tools/dependencies/known-dependencies.txt index b89bc00d84..8262bc32c8 100755 --- a/tools/dependencies/known-dependencies.txt +++ b/tools/dependencies/known-dependencies.txt @@ -151,8 +151,8 @@ libfb303-0.9.3.jar libthrift-0.9.3.jar log4j-1.2-api-2.14.1.jar log4j-1.2.17.jar -logback-classic-1.2.3.jar -logback-core-1.2.3.jar +logback-classic-1.2.11.jar +logback-core-1.2.11.jar lz4-1.3.0.jar mapstruct-1.2.0.Final.jar micrometer-core-1.7.5.jar
