[geode] branch develop updated: GEODE-10443: Update shiro-core to version 1.11.0 for CVE-2022-40664 (#7881)

Sat, 17 Jun 2023 09:03:51 -0700 

This is an automated email from the ASF dual-hosted git repository.

kirs pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new 55d92bb968 GEODE-10443: Update shiro-core to version 1.11.0 for 
CVE-2022-40664 (#7881)
55d92bb968 is described below

commit 55d92bb9683bf2c145219f22a122078d53f35364
Author: jakevin <jakevin...@gmail.com>
AuthorDate: Sun Jun 18 00:03:39 2023 +0800

    GEODE-10443: Update shiro-core to version 1.11.0 for CVE-2022-40664 (#7881)
---
 boms/geode-all-bom/src/test/resources/expected-pom.xml |  2 +-
 .../geode/gradle/plugins/DependencyConstraints.groovy  |  2 +-
 .../src/integrationTest/resources/assembly_content.txt | 18 +++++++++---------
 .../resources/gfsh_dependency_classpath.txt            | 18 +++++++++---------
 .../integrationTest/resources/dependency_classpath.txt | 18 +++++++++---------
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml 
b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index 039b867760..c120e5a6b5 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -330,7 +330,7 @@
       <dependency>
         <groupId>org.apache.shiro</groupId>
         <artifactId>shiro-core</artifactId>
-        <version>1.9.0</version>
+        <version>1.10.0</version>
       </dependency>
       <dependency>
         <groupId>org.assertj</groupId>
diff --git 
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
 
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 46024eeeb9..58c55d6c01 100644
--- 
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ 
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -41,7 +41,7 @@ class DependencyConstraints {
     deps.put("jgroups.version", "3.6.14.Final")
     deps.put("log4j.version", "2.17.2")
     deps.put("micrometer.version", "1.9.1")
-    deps.put("shiro.version", "1.9.1")
+    deps.put("shiro.version", "1.10.0")
     deps.put("slf4j-api.version", "1.7.32")
     deps.put("jboss-modules.version", "1.11.0.Final")
     deps.put("jackson.version", "2.13.3")
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt 
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index 966298fe1a..bbed00cd72 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1047,15 +1047,15 @@ lib/mx4j-remote-3.0.2.jar
 lib/mx4j-tools-3.0.1.jar
 lib/ra.jar
 lib/rmiio-2.1.2.jar
-lib/shiro-cache-1.9.1.jar
-lib/shiro-config-core-1.9.1.jar
-lib/shiro-config-ogdl-1.9.1.jar
-lib/shiro-core-1.9.1.jar
-lib/shiro-crypto-cipher-1.9.1.jar
-lib/shiro-crypto-core-1.9.1.jar
-lib/shiro-crypto-hash-1.9.1.jar
-lib/shiro-event-1.9.1.jar
-lib/shiro-lang-1.9.1.jar
+lib/shiro-cache-1.10.0.jar
+lib/shiro-config-core-1.10.0.jar
+lib/shiro-config-ogdl-1.10.0.jar
+lib/shiro-core-1.10.0.jar
+lib/shiro-crypto-cipher-1.10.0.jar
+lib/shiro-crypto-core-1.10.0.jar
+lib/shiro-crypto-hash-1.10.0.jar
+lib/shiro-event-1.10.0.jar
+lib/shiro-lang-1.10.0.jar
 lib/slf4j-api-1.7.32.jar
 lib/slf4j-api-1.7.36.jar
 lib/snappy-0.4.jar
diff --git 
a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt 
b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
index a128557a0e..0756871fc4 100644
--- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -47,8 +47,8 @@ antlr-2.7.7.jar
 istack-commons-runtime-4.0.1.jar
 jaxb-impl-2.3.2.jar
 commons-validator-1.7.jar
-shiro-core-1.9.1.jar
-shiro-config-ogdl-1.9.1.jar
+shiro-core-1.10.0.jar
+shiro-config-ogdl-1.10.0.jar
 commons-beanutils-1.9.4.jar
 commons-codec-1.15.jar
 commons-collections-3.2.2.jar
@@ -69,13 +69,13 @@ jna-platform-5.11.0.jar
 jna-5.11.0.jar
 snappy-0.4.jar
 jgroups-3.6.14.Final.jar
-shiro-cache-1.9.1.jar
-shiro-crypto-hash-1.9.1.jar
-shiro-crypto-cipher-1.9.1.jar
-shiro-config-core-1.9.1.jar
-shiro-event-1.9.1.jar
-shiro-crypto-core-1.9.1.jar
-shiro-lang-1.9.1.jar
+shiro-cache-1.10.0.jar
+shiro-crypto-hash-1.10.0.jar
+shiro-crypto-cipher-1.10.0.jar
+shiro-config-core-1.10.0.jar
+shiro-event-1.10.0.jar
+shiro-crypto-core-1.10.0.jar
+shiro-lang-1.10.0.jar
 slf4j-api-1.7.36.jar
 spring-beans-5.3.21.jar
 javax.activation-api-1.2.0.jar
diff --git 
a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt 
b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
index 083f54034e..0107d3cfee 100644
--- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
@@ -1,8 +1,8 @@
 spring-web-5.3.21.jar
-shiro-event-1.9.1.jar
-shiro-crypto-hash-1.9.1.jar
-shiro-crypto-cipher-1.9.1.jar
-shiro-config-core-1.9.1.jar
+shiro-event-1.10.0.jar
+shiro-crypto-hash-1.10.0.jar
+shiro-crypto-cipher-1.10.0.jar
+shiro-config-core-1.10.0.jar
 commons-digester-2.1.jar
 commons-validator-1.7.jar
 spring-jcl-5.3.21.jar
@@ -23,11 +23,11 @@ geode-cq-0.0.0.jar
 geode-old-client-support-0.0.0.jar
 javax.servlet-api-3.1.0.jar
 jgroups-3.6.14.Final.jar
-shiro-cache-1.9.1.jar
+shiro-cache-1.10.0.jar
 httpcore-4.4.15.jar
 spring-beans-5.3.21.jar
 lucene-queries-6.6.6.jar
-shiro-core-1.9.1.jar
+shiro-core-1.10.0.jar
 HikariCP-4.0.3.jar
 slf4j-api-1.7.32.jar
 geode-http-service-0.0.0.jar
@@ -63,7 +63,7 @@ jetty-io-9.4.47.v20220610.jar
 geode-deployment-legacy-0.0.0.jar
 commons-beanutils-1.9.4.jar
 log4j-core-2.17.2.jar
-shiro-crypto-core-1.9.1.jar
+shiro-crypto-core-1.10.0.jar
 jaxb-api-2.3.1.jar
 geode-unsafe-0.0.0.jar
 spring-shell-1.2.0.RELEASE.jar
@@ -73,14 +73,14 @@ log4j-jul-2.17.2.jar
 HdrHistogram-2.1.12.jar
 jackson-annotations-2.13.3.jar
 micrometer-core-1.9.1.jar
-shiro-config-ogdl-1.9.1.jar
+shiro-config-ogdl-1.10.0.jar
 geode-log4j-0.0.0.jar
 lucene-analyzers-phonetic-6.6.6.jar
 spring-context-5.3.21.jar
 jetty-security-9.4.47.v20220610.jar
 geode-logging-0.0.0.jar
 commons-io-2.11.0.jar
-shiro-lang-1.9.1.jar
+shiro-lang-1.10.0.jar
 javax.transaction-api-1.3.jar
 geode-common-0.0.0.jar
 antlr-2.7.7.jar

Reply via email to