[helix] branch master updated: [issue-1727] upgrade to commons-io 2.11.0 due to cve (#2040)

hulee Sat, 16 Apr 2022 15:30:06 -0700

This is an automated email from the ASF dual-hosted git repository.

hulee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/helix.git



The following commit(s) were added to refs/heads/master by this push:
     new 051aaf964 [issue-1727] upgrade to commons-io 2.11.0 due to cve (#2040)
051aaf964 is described below

commit 051aaf9648db5e5fc3e857e09eb28038da7d0e58
Author: PJ Fanning <[email protected]>
AuthorDate: Sun Apr 17 00:29:52 2022 +0200

    [issue-1727] upgrade to commons-io 2.11.0 due to cve (#2040)
---
 helix-core/helix-core-1.0.3-SNAPSHOT.ivy                     |  2 +-
 helix-core/pom.xml                                           |  2 +-
 .../main/scripts/integration-test/script/driver_cmd_dict.py  | 12 ++++++------
 .../metadata-store-directory-common-1.0.3-SNAPSHOT.ivy       |  2 +-
 metadata-store-directory-common/pom.xml                      |  2 +-
 recipes/rsync-replicated-file-system/bin/send-message.sh     |  2 +-
 recipes/rsync-replicated-file-system/bin/setup-cluster.sh    |  2 +-
 .../bin/start-cluster-manager.sh                             |  2 +-
 recipes/rsync-replicated-file-system/bin/start-consumer.sh   |  2 +-
 zookeeper-api/pom.xml                                        |  2 +-
 10 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/helix-core/helix-core-1.0.3-SNAPSHOT.ivy 
b/helix-core/helix-core-1.0.3-SNAPSHOT.ivy
index bf622f1ad..b2a63448a 100755
--- a/helix-core/helix-core-1.0.3-SNAPSHOT.ivy
+++ b/helix-core/helix-core-1.0.3-SNAPSHOT.ivy
@@ -55,7 +55,7 @@ under the License.
     <dependency org="org.apache.zookeeper" name="zookeeper" rev="3.4.13" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
                <dependency org="com.fasterxml.jackson.core" 
name="jackson-databind" rev="2.11.0" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
     <dependency org="com.fasterxml.jackson.core" name="jackson-core" 
rev="2.11.0" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
-    <dependency org="commons-io" name="commons-io" rev="1.4" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
+    <dependency org="commons-io" name="commons-io" rev="2.11.0" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
     <dependency org="commons-cli" name="commons-cli" rev="1.2" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
     <dependency org="commons-math" name="commons-math" rev="2.1" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
     <dependency org="org.apache.commons" name="commons-math3" rev="3.6.1" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
diff --git a/helix-core/pom.xml b/helix-core/pom.xml
index fdd864876..c9fb06d34 100755
--- a/helix-core/pom.xml
+++ b/helix-core/pom.xml
@@ -83,7 +83,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>1.4</version>
+      <version>2.11.0</version>
     </dependency>
     <dependency>
       <groupId>commons-cli</groupId>
diff --git 
a/helix-core/src/main/scripts/integration-test/script/driver_cmd_dict.py 
b/helix-core/src/main/scripts/integration-test/script/driver_cmd_dict.py
index dde6ba0a7..2bf98ef6d 100644
--- a/helix-core/src/main/scripts/integration-test/script/driver_cmd_dict.py
+++ b/helix-core/src/main/scripts/integration-test/script/driver_cmd_dict.py
@@ -139,7 +139,7 @@ cmd_direct_call={
       "IVY_DIR/com/github/sgroschupf/zkclient/0.1/zkclient-0.1.jar"
       ,"IVY_DIR/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"
       ,"IVY_DIR/commons-cli/commons-cli/1.2/commons-cli-1.2.jar"
-      ,"IVY_DIR/commons-io/commons-io/1.4/commons-io-1.4.jar"
+      ,"IVY_DIR/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar"
       ,"IVY_DIR/commons-lang/commons-lang/2.4/commons-lang-2.4.jar"
       ,"IVY_DIR/jdom/jdom/1.0/jdom-1.0.jar"
       ,"IVY_DIR/log4j/log4j/2.17.1/log4j-2.17.1.jar"
@@ -159,7 +159,7 @@ cmd_direct_call={
     "class_path":[
       "IVY_DIR/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"
       ,"IVY_DIR/commons-cli/commons-cli/1.2/commons-cli-1.2.jar"
-      ,"IVY_DIR/commons-io/commons-io/1.4/commons-io-1.4.jar"
+      ,"IVY_DIR/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar"
       ,"IVY_DIR/commons-lang/commons-lang/2.4/commons-lang-2.4.jar"
       ,"IVY_DIR/jdom/jdom/1.0/jdom-1.0.jar"
       ,"IVY_DIR/log4j/log4j/2.17.1/log4j-2.17.1.jar"
@@ -180,8 +180,8 @@ cmd_direct_call={
     "class_path":[
       "IVY_DIR/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"
       ,"IVY_DIR/commons-cli/commons-cli/1.2/commons-cli-1.2.jar"
-      ,"IVY_DIR/commons-io/commons-io/1.4/commons-io-1.4.jar"
-      ,"IVY_DIR/commons-lang/commons-lang/2.4/commons-lang-2.4.jar"
+      ,"IVY_DIR/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar"
+      ,"IVY_DIR/commons-lang/commons-lang/2.11.0/commons-lang-2.11.0.jar"
       ,"IVY_DIR/jdom/jdom/1.0/jdom-1.0.jar"
       ,"IVY_DIR/log4j/log4j/2.17.1/log4j-2.17.1.jar"
       ,"IVY_DIR/org/apache/zookeeper/zookeeper/3.3.3/zookeeper-3.3.3.jar"
@@ -203,7 +203,7 @@ cmd_direct_call={
     "class_path":[
       "IVY_DIR/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"
       ,"IVY_DIR/commons-cli/commons-cli/1.2/commons-cli-1.2.jar"
-      ,"IVY_DIR/commons-io/commons-io/1.4/commons-io-1.4.jar"
+      ,"IVY_DIR/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar"
       ,"IVY_DIR/commons-lang/commons-lang/2.4/commons-lang-2.4.jar"
       ,"IVY_DIR/jdom/jdom/1.0/jdom-1.0.jar"
       ,"IVY_DIR/log4j/log4j/2.17.1/log4j-2.17.1.jar"
@@ -226,7 +226,7 @@ cmd_direct_call={
       "IVY_DIR/com/github/sgroschupf/zkclient/0.1/zkclient-0.1.jar"
       ,"IVY_DIR/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"
       ,"IVY_DIR/commons-cli/commons-cli/1.2/commons-cli-1.2.jar"
-      ,"IVY_DIR/commons-io/commons-io/1.4/commons-io-1.4.jar"
+      ,"IVY_DIR/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar"
       ,"IVY_DIR/commons-lang/commons-lang/2.4/commons-lang-2.4.jar"
       ,"IVY_DIR/jdom/jdom/1.0/jdom-1.0.jar"
       ,"IVY_DIR/log4j/log4j/2.17.1/log4j-2.17.1.jar"
diff --git 
a/metadata-store-directory-common/metadata-store-directory-common-1.0.3-SNAPSHOT.ivy
 
b/metadata-store-directory-common/metadata-store-directory-common-1.0.3-SNAPSHOT.ivy
index 35516ca6c..3a305fd5d 100644
--- 
a/metadata-store-directory-common/metadata-store-directory-common-1.0.3-SNAPSHOT.ivy
+++ 
b/metadata-store-directory-common/metadata-store-directory-common-1.0.3-SNAPSHOT.ivy
@@ -49,6 +49,6 @@ under the License.
                <dependency org="org.apache.helix" name="helix-core" 
rev="1.0.3-SNAPSHOT" force="true" 
conf="compile->compile(*),master(*);runtime->runtime(*)"/>
                <dependency org="com.fasterxml.jackson.core" 
name="jackson-databind" rev="2.11.0" force="true" 
conf="compile->compile(*),master(*);runtime->runtime(*)"/>
                <dependency org="commons-cli" name="commons-cli" rev="1.2" 
force="true" conf="compile->compile(*),master(*);runtime->runtime(*)"/>
-               <dependency org="commons-io" name="commons-io" rev="1.4" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
+               <dependency org="commons-io" name="commons-io" rev="2.11.0" 
conf="compile->compile(default);runtime->runtime(default);default->default"/>
        </dependencies>
 </ivy-module>
diff --git a/metadata-store-directory-common/pom.xml 
b/metadata-store-directory-common/pom.xml
index e15453ac1..5211ad033 100644
--- a/metadata-store-directory-common/pom.xml
+++ b/metadata-store-directory-common/pom.xml
@@ -86,7 +86,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>1.4</version>
+      <version>2.11.0</version>
       <scope>test</scope>
     </dependency>
   </dependencies>
diff --git a/recipes/rsync-replicated-file-system/bin/send-message.sh 
b/recipes/rsync-replicated-file-system/bin/send-message.sh
index c2e6523b6..469474bae 100755
--- a/recipes/rsync-replicated-file-system/bin/send-message.sh
+++ b/recipes/rsync-replicated-file-system/bin/send-message.sh
@@ -20,7 +20,7 @@
 
 script_dir=`dirname $0`
 LIB=$script_dir/../lib
-CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-1.2.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
+CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-2.11.0.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
 # echo $CLASSPATH
 
 java -Dlog4j2.formatMsgNoLookups=true -cp "$CLASSPATH" 
org.apache.helix.filestore.Emitter $@
diff --git a/recipes/rsync-replicated-file-system/bin/setup-cluster.sh 
b/recipes/rsync-replicated-file-system/bin/setup-cluster.sh
index efd035bc5..96d98320b 100755
--- a/recipes/rsync-replicated-file-system/bin/setup-cluster.sh
+++ b/recipes/rsync-replicated-file-system/bin/setup-cluster.sh
@@ -20,7 +20,7 @@
 
 script_dir=`dirname $0`
 LIB=$script_dir/../lib
-CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-1.2.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
+CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-2.11.0.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
 # echo $CLASSPATH
 
 java -Dlog4j2.formatMsgNoLookups=true -cp "$CLASSPATH" 
org.apache.helix.filestore.SetupConsumerCluster $@
diff --git a/recipes/rsync-replicated-file-system/bin/start-cluster-manager.sh 
b/recipes/rsync-replicated-file-system/bin/start-cluster-manager.sh
index cd1d0df90..24c3ed66a 100755
--- a/recipes/rsync-replicated-file-system/bin/start-cluster-manager.sh
+++ b/recipes/rsync-replicated-file-system/bin/start-cluster-manager.sh
@@ -20,7 +20,7 @@
 
 script_dir=`dirname $0`
 LIB=$script_dir/../lib
-CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-1.2.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
+CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-2.11.0.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
 # echo $CLASSPATH
 
 java -Dlog4j2.formatMsgNoLookups=true -cp "$CLASSPATH" 
org.apache.helix.filestore.StartClusterManager $@
diff --git a/recipes/rsync-replicated-file-system/bin/start-consumer.sh 
b/recipes/rsync-replicated-file-system/bin/start-consumer.sh
index 512fd708c..15964ee5f 100755
--- a/recipes/rsync-replicated-file-system/bin/start-consumer.sh
+++ b/recipes/rsync-replicated-file-system/bin/start-consumer.sh
@@ -20,7 +20,7 @@
 
 script_dir=`dirname $0`
 LIB=$script_dir/../lib
-CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-1.2.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
+CLASSPATH=$script_dir/../target/classes:"$LIB"/helix-core-0.6.4-SNAPSHOT.jar:"$LIB"/rabbitmq-client.jar:"$LIB"/commons-cli-1.1.jar:"$LIB"/commons-io-2.11.0.jar:"$LIB"/commons-math-2.1.jar:"$LIB"/jackson-core-asl-1.8.5.jar:"$LIB"/jackson-mapper-asl-1.8.5.jar:"$LIB"/log4j-api-2.17.1.jar:"$LIB"/org.restlet-1.1.10.jar:"$LIB"/zkclient-0.1.jar:"$LIB"/zookeeper-3.3.4.jar
 # echo $CLASSPATH
 
 java -Dlog4j2.formatMsgNoLookups=true -cp "$CLASSPATH" 
org.apache.helix.filestore.FileStore $@
diff --git a/zookeeper-api/pom.xml b/zookeeper-api/pom.xml
index cca12a212..8e68c5d26 100644
--- a/zookeeper-api/pom.xml
+++ b/zookeeper-api/pom.xml
@@ -95,7 +95,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.6</version>
+      <version>2.11.0</version>
       <scope>test</scope>
     </dependency>
     <dependency>

[helix] branch master updated: [issue-1727] upgrade to commons-io 2.11.0 due to cve (#2040)

Reply via email to