This is an automated email from the ASF dual-hosted git repository.
weitingchen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-gluten.git
The following commit(s) were added to refs/heads/main by this push:
new 9ae7136e36 [Core] fix GH security issues (#7448)
9ae7136e36 is described below
commit 9ae7136e36c2932700e2d68ab6f7d75f7ac7063b
Author: Yuan <[email protected]>
AuthorDate: Thu Oct 10 13:33:21 2024 +0800
[Core] fix GH security issues (#7448)
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively
consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes
the issue.
Signed-off-by: Yuan Zhou <[email protected]>
---
backends-clickhouse/pom.xml | 2 +-
backends-velox/pom.xml | 2 +-
gluten-substrait/pom.xml | 2 +-
gluten-ut/pom.xml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/backends-clickhouse/pom.xml b/backends-clickhouse/pom.xml
index 6bc9f8ec53..1bae288861 100644
--- a/backends-clickhouse/pom.xml
+++ b/backends-clickhouse/pom.xml
@@ -177,7 +177,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.11.0</version>
+ <version>2.14.0</version>
<scope>provided</scope>
</dependency>
<!-- Fasterxml -->
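Review bot: The bumped `<version>2.14.0</version>` line sits under `<scope>provided</scope>`, so this module compiles against 2.14.0 but does not ship it; the commons-io jar supplied by the deployment environment is the one that actually runs. The commit message gives the affected range as 2.0 before 2.14.0, so please confirm which commons-io version is on the runtime classpath and state it in the commit message. Otherwise this change can clear the scanner alert while the affected XmlStreamReader class is still what executes.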
diff --git a/backends-velox/pom.xml b/backends-velox/pom.xml
index 2d024b91a5..7cab49b255 100755
--- a/backends-velox/pom.xml
+++ b/backends-velox/pom.xml
@@ -132,7 +132,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.11.0</version>
+ <version>2.14.0</version>
<scope>provided</scope>
</dependency>
<dependency>
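Review bot: The literal `2.14.0` on the `<version>` line is the same value hard-coded in each of the four pom.xml files this commit touches. Suggest defining it once, for example as a property (a name such as `commons-io.version` is only a suggestion) or a `dependencyManagement` entry in a shared parent pom if these modules have one, and dropping the per-module `<version>` element. That makes the next security bump a one-line change and keeps the modules from drifting apart.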
diff --git a/gluten-substrait/pom.xml b/gluten-substrait/pom.xml
index a863b7957d..14334c2443 100644
--- a/gluten-substrait/pom.xml
+++ b/gluten-substrait/pom.xml
@@ -185,7 +185,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.11.0</version>
+ <version>2.14.0</version>
<scope>provided</scope>
</dependency>
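Review bot: Nothing at the `<version>2.14.0</version>` line or in the commit subject ("fix GH security issues") identifies which advisory is being addressed. Suggest naming the advisory identifier in the commit message and adding a short XML comment above this dependency saying that 2.14.0 is the minimum fixed version, so a later version alignment does not move it back below 2.14.0 unnoticed.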
diff --git a/gluten-ut/pom.xml b/gluten-ut/pom.xml
index db6123cdac..af46f757ba 100644
--- a/gluten-ut/pom.xml
+++ b/gluten-ut/pom.xml
@@ -158,7 +158,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.11.0</version>
+ <version>2.14.0</version>
<scope>provided</scope>
</dependency>
</dependencies>
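Review bot: The `<version>` change here fixes only this module's direct declaration; nothing in the patch stops another module or a transitive dependency from resolving commons-io below 2.14.0. Suggest checking the resolved versions with `mvn dependency:tree -Dincludes=commons-io` and adding a maven-enforcer-plugin `bannedDependencies` rule that fails the build on the affected range.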