abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new c14cfc2a86f Patched security vulnerability by updating Ranger
libraries to the ne… (#15363)
c14cfc2a86f is described below
commit c14cfc2a86f9f59310f215a53d329dcf27ce2a3c
Author: Vivek Dhiman <[email protected]>
AuthorDate: Wed Nov 22 02:17:18 2023 -0800
Patched security vulnerability by updating Ranger libraries to the ne…
(#15363)
Patched security vulnerability by updating Ranger libraries to the newest
available version.
---
distribution/bin/check-licenses.py | 1 +
.../ranger/authorizer/RangerAuthorizer.java | 2 +-
.../ranger/authorizer/RangerAdminClientImpl.java | 8 +-
licenses.yaml | 199 ++++++++++++++-------
pom.xml | 2 +-
5 files changed, 146 insertions(+), 66 deletions(-)
diff --git a/distribution/bin/check-licenses.py
b/distribution/bin/check-licenses.py
index b069d9545b3..d03cd796a27 100755
--- a/distribution/bin/check-licenses.py
+++ b/distribution/bin/check-licenses.py
@@ -289,6 +289,7 @@ def build_compatible_license_names():
compatible_licenses['Creative Commons CC0'] = 'Creative Commons CC0'
compatible_licenses['CC0'] = 'Creative Commons CC0'
+ compatible_licenses['Public Domain, per Creative Commons CC0'] = 'Creative
Commons CC0'
compatible_licenses['The MIT License'] = 'MIT License'
compatible_licenses['MIT License'] = 'MIT License'
diff --git
a/extensions-core/druid-ranger-security/src/main/java/org/apache/druid/security/ranger/authorizer/RangerAuthorizer.java
b/extensions-core/druid-ranger-security/src/main/java/org/apache/druid/security/ranger/authorizer/RangerAuthorizer.java
index 1d4bf1578b2..b1b392b36e9 100644
---
a/extensions-core/druid-ranger-security/src/main/java/org/apache/druid/security/ranger/authorizer/RangerAuthorizer.java
+++
b/extensions-core/druid-ranger-security/src/main/java/org/apache/druid/security/ranger/authorizer/RangerAuthorizer.java
@@ -134,7 +134,7 @@ class RangerDruidAccessRequest extends
RangerAccessRequestImpl
{
public RangerDruidAccessRequest(RangerDruidResource resource, String user,
Set<String> userGroups, Action action)
{
- super(resource, action.name().toLowerCase(Locale.ENGLISH), user,
userGroups);
+ super(resource, action.name().toLowerCase(Locale.ENGLISH), user,
userGroups, null);
setAccessTime(new Date());
}
}
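Review bot: The new fifth argument on the `super(...)` call in the `RangerDruidAccessRequest` constructor is a bare `null`, so a reader cannot tell which parameter it fills or whether null is a safe value there. The superclass is not visible in this diff; presumably the slot is the user-roles set that newer Ranger releases accept on `RangerAccessRequestImpl`. If so, Druid never supplies roles on the request, and a role-scoped Ranger policy is only honoured if the plugin resolves roles from user and groups on its own. I would add a comment above the call, for example `// userRoles: not supplied by Druid; role-based policies rely on Ranger's own role lookup (verify)`, and a test that evaluates a request against a role-based policy so a silent deny or allow after the upgrade is caught.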
diff --git
a/extensions-core/druid-ranger-security/src/test/java/org/apache/druid/security/ranger/authorizer/RangerAdminClientImpl.java
b/extensions-core/druid-ranger-security/src/test/java/org/apache/druid/security/ranger/authorizer/RangerAdminClientImpl.java
index 3d72018ff2b..c7f881207b9 100644
---
a/extensions-core/druid-ranger-security/src/test/java/org/apache/druid/security/ranger/authorizer/RangerAdminClientImpl.java
+++
b/extensions-core/druid-ranger-security/src/test/java/org/apache/druid/security/ranger/authorizer/RangerAdminClientImpl.java
@@ -22,6 +22,7 @@ package org.apache.druid.security.ranger.authorizer;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.druid.java.util.common.logger.Logger;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
@@ -39,9 +40,9 @@ public class RangerAdminClientImpl extends
AbstractRangerAdminClient
protected Gson gson;
@Override
- public void init(String serviceName, String appId, String
configPropertyPrefix)
+ public void init(String serviceName, String appId, String
configPropertyPrefix, Configuration config)
{
- super.init(serviceName, appId, configPropertyPrefix);
+ super.init(serviceName, appId, configPropertyPrefix, config);
try {
gson = new
GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
@@ -52,7 +53,8 @@ public class RangerAdminClientImpl extends
AbstractRangerAdminClient
}
@Override
- public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion,
long lastActivationTimeInMillis) throws Exception
+ public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion,
long lastActivationTimeInMillis)
+ throws Exception
{
String basedir = System.getProperty("basedir");
diff --git a/licenses.yaml b/licenses.yaml
index f5e2c9942a2..e4869198a5d 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -3173,6 +3173,16 @@ libraries:
---
+name: org.codehaus.woodstox stax2-api
+license_category: binary
+version: 4.2.1
+module: druid-kerberos
+license_name: BSD-3-Clause License
+libraries:
+ - org.codehaus.woodstox: stax2-api
+
+---
+
name: Kafka clients
version: 5.5.12-ccs
license_category: binary
@@ -4557,7 +4567,7 @@ libraries:
name: org.apache.ranger ranger-plugins-audit
license_category: binary
-version: 2.0.0
+version: 2.4.0
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
@@ -4567,7 +4577,7 @@ libraries:
name: org.apache.ranger ranger-plugins-common
license_category: binary
-version: 2.0.0
+version: 2.4.0
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
@@ -4575,23 +4585,43 @@ libraries:
---
-name: com.101tec zkclient
+name: com.kstruct gethostname4j
license_category: binary
-version: '0.10'
+version: 1.0.0
+module: druid-ranger-security
+license_name: MIT License
+libraries:
+ - com.kstruct: gethostname4j
+
+---
+
+name: com.amazonaws aws-java-sdk-bundle
+license_category: binary
+version: 1.12.125
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - com.101tec: zkclient
+ - com.amazonaws: aws-java-sdk-bundle
---
-name: com.kstruct gethostname4j
+name: com.carrotsearch hppc
license_category: binary
-version: 0.0.2
+version: 0.8.0
module: druid-ranger-security
-license_name: MIT License
+license_name: Apache License version 2.0
libraries:
- - com.kstruct: gethostname4j
+ - com.carrotsearch: hppc
+
+---
+
+name: org.locationtech.spatial4j spatial4j
+license_category: binary
+version: 0.7
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+ - org.locationtech.spatial4j: spatial4j
---
@@ -4617,7 +4647,7 @@ libraries:
name: JOpt Simple
license_category: binary
-version: 5.0.4
+version: 5.0.2
module: druid-ranger-security
license_name: MIT License
libraries:
@@ -4628,7 +4658,7 @@ copyright: Paul R. Holser, Jr.
name: org.apache.httpcomponents httpmime
license_category: binary
-version: 4.5.3
+version: 4.5.6
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
@@ -4636,145 +4666,192 @@ libraries:
---
-name: Apache Kafka
+name: org.apache.httpcomponents httpasyncclient
license_category: binary
-version: 2.0.0
+version: 4.1.3
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - org.apache.kafka: kafka-clients
-notices:
- - kafka-clients: 'Apache Kafka Copyright 2019 The Apache Software Foundation.
+ - org.apache.httpcomponents: httpasyncclient
-This distribution has a binary dependency on jersey, which is available under
-the CDDL License. The source code of jersey can be found at
https://github.com/jersey/jersey/.'
+---
+
+name: org.elasticsearch securesm
+license_category: binary
+version: 2.1.9
+module: druid-ranger-security
+license_name: Creative Commons CC0
+libraries:
+ - org.hdrhistogram: HdrHistogram
---
-name: org.apache.kafka kafka_2.11
+name: Apache Lucene
license_category: binary
-version: 2.0.0
+version: 8.4.0
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - org.apache.kafka: kafka_2.11
+ - org.apache.lucene: lucene-analyzers-common
+ - org.apache.lucene: lucene-backward-codecs
+ - org.apache.lucene: lucene-core
+ - org.apache.lucene: lucene-grouping
+ - org.apache.lucene: lucene-highlighter
+ - org.apache.lucene: lucene-join
+ - org.apache.lucene: lucene-memory
+ - org.apache.lucene: lucene-misc
+ - org.apache.lucene: lucene-queries
+ - org.apache.lucene: lucene-queryparser
+ - org.apache.lucene: lucene-sandbox
+ - org.apache.lucene: lucene-spatial
+ - org.apache.lucene: lucene-spatial-extras
+ - org.apache.lucene: lucene-spatial3d
+ - org.apache.lucene: lucene-suggest
---
-name: org.apache.ranger ranger-plugins-cred
+name: org.elasticsearch securesm
license_category: binary
-version: 2.0.0
+version: 1.2
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - org.apache.ranger: ranger-plugins-cred
+ - org.elasticsearch: securesm
---
-name: org.apache.solr solr-solrj
+name: Elastic Search
license_category: binary
-version: 7.7.1
+version: 7.10.2
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - org.apache.solr: solr-solrj
+ - org.elasticsearch: elasticsearch
+ - org.elasticsearch: elasticsearch-cli
+ - org.elasticsearch: elasticsearch-core
+ - org.elasticsearch: elasticsearch-geo
+ - org.elasticsearch: elasticsearch-secure-sm
+ - org.elasticsearch: elasticsearch-x-content
+ - org.elasticsearch.client: elasticsearch-rest-client
+ - org.elasticsearch.client: elasticsearch-rest-high-level-client
+ - org.elasticsearch.plugin: aggs-matrix-stats-client
+ - org.elasticsearch.plugin: lang-mustache-client
+ - org.elasticsearch.plugin: mapper-extras-client
+ - org.elasticsearch.plugin: parent-join-client
+ - org.elasticsearch.plugin: rank-eval-client
---
-name: org.codehaus.woodstox stax2-api
+name: org.apache.httpcomponents httpcore-nio
license_category: binary
-version: 3.1.4
+version: 4.4.6
module: druid-ranger-security
-license_name: BSD-3-Clause License
+license_name: Apache License version 2.0
libraries:
- - org.codehaus.woodstox: stax2-api
+ - org.apache.httpcomponents: httpcore-nio
---
-name: org.codehaus.woodstox stax2-api
+name: Apache Kafka
license_category: binary
-version: 4.2.1
+version: 2.8.1
module: druid-ranger-security
-license_name: BSD-3-Clause License
+license_name: Apache License version 2.0
libraries:
- - org.codehaus.woodstox: stax2-api
+ - org.apache.kafka: kafka-clients
+notices:
+ - kafka-clients: 'Apache Kafka Copyright 2019 The Apache Software Foundation.
+
+This distribution has a binary dependency on jersey, which is available under
+the CDDL License. The source code of jersey can be found at
https://github.com/jersey/jersey/.'
---
-name: org.codehaus.woodstox woodstox-core-asl
+name: org.apache.ranger ranger-plugins
license_category: binary
-version: 4.4.1
+version: 2.4.0
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - org.codehaus.woodstox: woodstox-core-asl
+ - org.apache.ranger: ranger-plugins-cred
+ - org.apache.ranger: ranger-plugin-classloader
---
-name: org.eclipse.persistence commonj.sdo
+name: Woodstox
license_category: binary
-version: 2.1.1
+version: 6.2.4
module: druid-ranger-security
-license_name: Eclipse Distribution License 1.0
+license_name: Apache License version 2.0
libraries:
- - org.eclipse.persistence: commonj.sdo
+ - com.fasterxml.woodstox: woodstox-core
---
-name: org.eclipse.persistence eclipselink
+name: com.github.spullara.mustache.java
license_category: binary
-version: 2.5.2
+version: 0.9.6
module: druid-ranger-security
-license_name: Eclipse Distribution License 1.0
+license_name: Apache License version 2.0
libraries:
- - org.eclipse.persistence: eclipselink
+ - com.github.spullara.mustache.java: compiler
---
-name: org.eclipse.persistence javax.persistence
+name: com.tdunning t-digest
license_category: binary
-version: 2.1.0
+version: 3.2
module: druid-ranger-security
-license_name: Eclipse Distribution License 1.0
+license_name: Apache License version 2.0
libraries:
- - org.eclipse.persistence: javax.persistence
+ - com.tdunning: t-digest
---
-name: org.noggit noggit
+name: io.sgr s2-geometry-library-java
license_category: binary
-version: '0.8'
+version: 1.0.0
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
- - org.noggit: noggit
+ - io.sgr: s2-geometry-library-java
---
-name: Scala Library
+name: org.apache.orc orc-core
license_category: binary
-version: 2.11.12
+version: 1.5.8
module: druid-ranger-security
-license_name: BSD-3-Clause License
+license_name: Apache License version 2.0
libraries:
- - org.scala-lang: scala-library
-copyright: LAMP/EPFL and Lightbend, Inc.
+ - org.apache.orc: orc-core
---
-name: org.scala-lang scala-reflect
+name: org.apache.solr solr-solrj
+license_category: binary
+version: 8.11.2
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+ - org.apache.solr: solr-solrj
+
+---
+
+name: Scala Library
license_category: binary
version: 2.11.12
module: druid-ranger-security
license_name: BSD-3-Clause License
libraries:
- - org.scala-lang: scala-reflect
+ - org.scala-lang: scala-library
+copyright: LAMP/EPFL and Lightbend, Inc.
---
name: snappy-java
license_category: binary
-version: 1.1.8.4
+version: 1.1.10.4
module: druid-ranger-security
license_name: Apache License version 2.0
libraries:
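Review bot: The entry added as `name: org.elasticsearch securesm` with `version: 2.1.9` and `license_name: Creative Commons CC0` lists `org.hdrhistogram: HdrHistogram` under `libraries:`, so its name does not match the artifact it covers. A second `name: org.elasticsearch securesm` entry (version 1.2) follows later in the same hunk. The first one should presumably read `name: org.hdrhistogram HdrHistogram`; as written, anyone using this file as the dependency inventory for license or vulnerability triage will look up the wrong component. Separately, the hunk records Elasticsearch, Lucene, Solr and Kafka client jars as binary dependencies of `druid-ranger-security`. If Druid does not use those Ranger audit destinations, excluding them in the extension's pom would keep a security-motivated upgrade from widening the shipped dependency surface.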
diff --git a/pom.xml b/pom.xml
index cd127119ba9..9c242512278 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,7 +77,7 @@
<aether.version>0.9.0.M2</aether.version>
<apache.curator.version>5.5.0</apache.curator.version>
<apache.kafka.version>3.6.0</apache.kafka.version>
- <apache.ranger.version>2.0.0</apache.ranger.version>
+ <apache.ranger.version>2.4.0</apache.ranger.version>
<apache.ranger.gson.version>2.2.4</apache.ranger.gson.version>
<scala.library.version>2.13.11</scala.library.version>
<avatica.version>1.23.0</avatica.version>