This is an automated email from the ASF dual-hosted git repository. dzamo pushed a commit to branch 1.20 in repository https://gitbox.apache.org/repos/asf/drill.git
commit 0d0708989edd086739563d439fdc7414b5eb076c Author: PJ Fanning <[email protected]> AuthorDate: Mon Aug 29 15:35:32 2022 +0100 DRILL-8282: Bump Hadoop-Common Version to 3.2.4 (CVE) (#2630) --- contrib/storage-hbase/pom.xml | 12 +++++ contrib/storage-hive/core/pom.xml | 26 ++++++++++- distribution/pom.xml | 4 ++ drill-yarn/pom.xml | 4 ++ exec/java-exec/pom.xml | 48 ++++++++++++++++++++ exec/rpc/pom.xml | 10 +++++ exec/vector/pom.xml | 10 +++++ logical/pom.xml | 8 ++++ metastore/iceberg-metastore/pom.xml | 12 +++++ metastore/metastore-api/pom.xml | 8 ++++ pom.xml | 90 +++++++++++++++++++++++++++++++++++-- 11 files changed, 228 insertions(+), 4 deletions(-) diff --git a/contrib/storage-hbase/pom.xml b/contrib/storage-hbase/pom.xml index b2a8e51f8a..c3146cb0f4 100644 --- a/contrib/storage-hbase/pom.xml +++ b/contrib/storage-hbase/pom.xml @@ -181,6 +181,14 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> @@ -238,6 +246,10 @@ <artifactId>log4j</artifactId> <groupId>log4j</groupId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> <exclusion> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> diff --git a/contrib/storage-hive/core/pom.xml b/contrib/storage-hive/core/pom.xml index c024e014f4..e4342376b8 100644 --- a/contrib/storage-hive/core/pom.xml +++ b/contrib/storage-hive/core/pom.xml @@ -93,7 +93,15 @@ <exclusion> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> - </exclusion> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>hadoop-auth</artifactId> <groupId>org.apache.hadoop</groupId> @@ -147,6 +155,14 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -196,10 +212,18 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-slf4j-impl</artifactId> diff --git a/distribution/pom.xml b/distribution/pom.xml index 2ef03c645a..f31bd05570 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -109,6 +109,10 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> diff --git a/drill-yarn/pom.xml b/drill-yarn/pom.xml index 08ddf56f92..e0586c3f20 100644 --- a/drill-yarn/pom.xml +++ b/drill-yarn/pom.xml @@ -88,6 +88,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <artifactId>slf4j-reload4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> </exclusions> </dependency> diff --git a/exec/java-exec/pom.xml b/exec/java-exec/pom.xml index c436590be8..9d0c46ac7b 100644 --- a/exec/java-exec/pom.xml +++ b/exec/java-exec/pom.xml @@ -70,6 +70,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <artifactId>slf4j-reload4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> </exclusions> </dependency> <dependency> @@ -389,6 +393,14 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -409,6 +421,14 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-server</artifactId> @@ -439,6 +459,14 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -459,6 +487,10 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -486,6 +518,10 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -636,6 +672,14 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> </exclusions> </dependency> </dependencies> @@ -717,6 +761,10 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> </dependencies> diff --git a/exec/rpc/pom.xml b/exec/rpc/pom.xml index dc0606f381..2aae609f34 100644 --- a/exec/rpc/pom.xml +++ b/exec/rpc/pom.xml @@ -61,6 +61,16 @@ <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-common</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> diff --git a/exec/vector/pom.xml b/exec/vector/pom.xml index 81fa911f48..02a376a54a 100644 --- a/exec/vector/pom.xml +++ b/exec/vector/pom.xml @@ -65,6 +65,16 @@ <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-common</artifactId> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.google.protobuf</groupId> diff --git a/logical/pom.xml b/logical/pom.xml index 719ec10204..38847af986 100644 --- a/logical/pom.xml +++ b/logical/pom.xml @@ -93,6 +93,14 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> </dependencies> diff --git a/metastore/iceberg-metastore/pom.xml b/metastore/iceberg-metastore/pom.xml index 394a054ff3..a1b6b9891f 100644 --- a/metastore/iceberg-metastore/pom.xml +++ b/metastore/iceberg-metastore/pom.xml @@ -97,10 +97,18 @@ <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-yarn-common</artifactId> @@ -174,6 +182,10 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> diff --git a/metastore/metastore-api/pom.xml b/metastore/metastore-api/pom.xml index b633af3a7e..e6cd30184c 100644 --- a/metastore/metastore-api/pom.xml +++ b/metastore/metastore-api/pom.xml @@ -58,6 +58,14 @@ <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> </exclusions> </dependency> </dependencies> diff --git a/pom.xml b/pom.xml index 537890e5e6..fb6081e672 100644 --- a/pom.xml +++ b/pom.xml @@ -77,7 +77,7 @@ <curator.version>5.2.0</curator.version> <wiremock.standalone.version>2.23.2</wiremock.standalone.version> <jmockit.version>1.47</jmockit.version> - <logback.version>1.2.9</logback.version> + <logback.version>1.2.11</logback.version> <mockito.version>3.11.2</mockito.version> <!-- Currently, Hive storage plugin only supports Apache Hive 3.1.2 or vendor specific variants of the @@ -85,7 +85,7 @@ for example parquet-hadoop-bundle and derby dependencies. --> <hive.version>3.1.2</hive.version> - <hadoop.version>3.2.3</hadoop.version> + <hadoop.version>3.2.4</hadoop.version> <hbase.version>2.4.9</hbase.version> <fmpp.version>1.0</fmpp.version> <freemarker.version>2.3.28</freemarker.version> @@ -1440,6 +1440,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <artifactId>slf4j-reload4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> <exclusion> <groupId>jline</groupId> <artifactId>jline</artifactId> @@ -1488,6 +1492,14 @@ <artifactId>log4j</artifactId> <groupId>log4j</groupId> </exclusion> + <exclusion> + <groupId>ch.qos.reload4j</groupId> + <artifactId>reload4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -1511,6 +1523,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <artifactId>slf4j-reload4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging-api</artifactId> @@ -1538,6 +1554,10 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.apache.hbase</groupId> <artifactId>hbase</artifactId> @@ -1597,6 +1617,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -1657,6 +1681,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>com.sun.jersey</groupId> <artifactId>jersey-core</artifactId> @@ -1708,6 +1736,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>org.json</groupId> <artifactId>json</artifactId> @@ -1853,6 +1885,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>log4j</artifactId> <groupId>log4j</groupId> @@ -2115,6 +2151,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>mockito-all</artifactId> <groupId>org.mockito</groupId> @@ -2278,6 +2318,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>mockito-all</artifactId> <groupId>org.mockito</groupId> @@ -2449,6 +2493,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>mockito-all</artifactId> <groupId>org.mockito</groupId> @@ -2577,7 +2625,7 @@ <groupId>org.slf4j</groupId> </exclusion> <exclusion> - <artifactId>slf4j-log4j12</artifactId> + <artifactId>slf4j-reload4j</artifactId> <groupId>org.slf4j</groupId> </exclusion> <exclusion> @@ -2730,6 +2778,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>log4j</artifactId> <groupId>log4j</groupId> @@ -2775,6 +2827,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>asm</artifactId> <groupId>asm</groupId> @@ -2938,6 +2994,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <artifactId>slf4j-reload4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> <exclusion> <artifactId>mockito-all</artifactId> <groupId>org.mockito</groupId> @@ -3013,6 +3073,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>mockito-all</artifactId> <groupId>org.mockito</groupId> @@ -3143,6 +3207,10 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> @@ -3239,6 +3307,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>log4j</artifactId> <groupId>log4j</groupId> @@ -3314,6 +3386,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>log4j</artifactId> <groupId>log4j</groupId> @@ -3359,6 +3435,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>asm</artifactId> <groupId>asm</groupId> @@ -3879,6 +3959,10 @@ <artifactId>slf4j-log4j12</artifactId> <groupId>org.slf4j</groupId> </exclusion> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-reload4j</artifactId> + </exclusion> <exclusion> <artifactId>reload4j</artifactId> <groupId>ch.qos.reload4j</groupId>
