(hudi) branch master updated: [HUDI-8805] Upgrade commons-io version to 2.14.0 to fix CVE-2024-47554 (#12709)

Sat, 25 Jan 2025 13:12:20 -0800 

This is an automated email from the ASF dual-hosted git repository.

yihua pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hudi.git


The following commit(s) were added to refs/heads/master by this push:
     new c802d5f60f8 [HUDI-8805] Upgrade commons-io version to 2.14.0 to fix 
CVE-2024-47554 (#12709)
c802d5f60f8 is described below

commit c802d5f60f8cfd186b9977857884ec643dc674fb
Author: senthh <[email protected]>
AuthorDate: Sun Jan 26 02:42:09 2025 +0530

    [HUDI-8805] Upgrade commons-io version to 2.14.0 to fix CVE-2024-47554 
(#12709)
---
 dependencies/hudi-flink-bundle_2.11.txt      | 2 +-
 dependencies/hudi-flink-bundle_2.12.txt      | 2 +-
 dependencies/hudi-hadoop-mr-bundle.txt       | 2 +-
 dependencies/hudi-hive-sync-bundle.txt       | 2 +-
 dependencies/hudi-integ-test-bundle.txt      | 2 +-
 dependencies/hudi-kafka-connect-bundle.txt   | 2 +-
 dependencies/hudi-presto-bundle.txt          | 2 +-
 dependencies/hudi-spark-bundle_2.11.txt      | 2 +-
 dependencies/hudi-spark-bundle_2.12.txt      | 2 +-
 dependencies/hudi-spark3-bundle_2.12.txt     | 2 +-
 dependencies/hudi-timeline-server-bundle.txt | 2 +-
 dependencies/hudi-utilities-bundle_2.11.txt  | 2 +-
 dependencies/hudi-utilities-bundle_2.12.txt  | 2 +-
 pom.xml                                      | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/dependencies/hudi-flink-bundle_2.11.txt 
b/dependencies/hudi-flink-bundle_2.11.txt
index a38c9114946..db53cad3397 100644
--- a/dependencies/hudi-flink-bundle_2.11.txt
+++ b/dependencies/hudi-flink-bundle_2.11.txt
@@ -59,7 +59,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.0.1//commons-httpclient-3.0.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/dependencies/hudi-flink-bundle_2.12.txt 
b/dependencies/hudi-flink-bundle_2.12.txt
index 37f957aeebd..580de44707f 100644
--- a/dependencies/hudi-flink-bundle_2.12.txt
+++ b/dependencies/hudi-flink-bundle_2.12.txt
@@ -59,7 +59,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.0.1//commons-httpclient-3.0.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/dependencies/hudi-hadoop-mr-bundle.txt 
b/dependencies/hudi-hadoop-mr-bundle.txt
index 8d9a6ce2f42..17b2e6370f9 100644
--- a/dependencies/hudi-hadoop-mr-bundle.txt
+++ b/dependencies/hudi-hadoop-mr-bundle.txt
@@ -34,7 +34,7 @@ 
commons-configuration/commons-configuration/1.6//commons-configuration-1.6.jar
 commons-daemon/commons-daemon/1.0.13//commons-daemon-1.0.13.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
 commons-math/org.apache.commons/2.2//commons-math-2.2.jar
diff --git a/dependencies/hudi-hive-sync-bundle.txt 
b/dependencies/hudi-hive-sync-bundle.txt
index 5b5f4b73c9e..207c7fe56c4 100644
--- a/dependencies/hudi-hive-sync-bundle.txt
+++ b/dependencies/hudi-hive-sync-bundle.txt
@@ -34,7 +34,7 @@ 
commons-configuration/commons-configuration/1.6//commons-configuration-1.6.jar
 commons-daemon/commons-daemon/1.0.13//commons-daemon-1.0.13.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
 commons-math/org.apache.commons/2.2//commons-math-2.2.jar
diff --git a/dependencies/hudi-integ-test-bundle.txt 
b/dependencies/hudi-integ-test-bundle.txt
index ec0f14e4a44..b7d826df23e 100644
--- a/dependencies/hudi-integ-test-bundle.txt
+++ b/dependencies/hudi-integ-test-bundle.txt
@@ -70,7 +70,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.1.3//commons-logging-1.1.3.jar
diff --git a/dependencies/hudi-kafka-connect-bundle.txt 
b/dependencies/hudi-kafka-connect-bundle.txt
index ae8932eb16e..cb9920902c9 100644
--- a/dependencies/hudi-kafka-connect-bundle.txt
+++ b/dependencies/hudi-kafka-connect-bundle.txt
@@ -53,7 +53,7 @@ 
commons-crypto/org.apache.commons/1.0.0//commons-crypto-1.0.0.jar
 commons-daemon/commons-daemon/1.0.13//commons-daemon-1.0.13.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.3.2//commons-lang3-3.3.2.jar
 commons-logging/commons-logging/1.1.3//commons-logging-1.1.3.jar
diff --git a/dependencies/hudi-presto-bundle.txt 
b/dependencies/hudi-presto-bundle.txt
index 4f8ffc4c774..7d9e4c381da 100644
--- a/dependencies/hudi-presto-bundle.txt
+++ b/dependencies/hudi-presto-bundle.txt
@@ -34,7 +34,7 @@ 
commons-configuration/commons-configuration/1.6//commons-configuration-1.6.jar
 commons-daemon/commons-daemon/1.0.13//commons-daemon-1.0.13.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
 commons-math/org.apache.commons/2.2//commons-math-2.2.jar
diff --git a/dependencies/hudi-spark-bundle_2.11.txt 
b/dependencies/hudi-spark-bundle_2.11.txt
index 39d183520a4..ee0fbbd60a8 100644
--- a/dependencies/hudi-spark-bundle_2.11.txt
+++ b/dependencies/hudi-spark-bundle_2.11.txt
@@ -50,7 +50,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/dependencies/hudi-spark-bundle_2.12.txt 
b/dependencies/hudi-spark-bundle_2.12.txt
index 20777844964..1cae2983c10 100644
--- a/dependencies/hudi-spark-bundle_2.12.txt
+++ b/dependencies/hudi-spark-bundle_2.12.txt
@@ -50,7 +50,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/dependencies/hudi-spark3-bundle_2.12.txt 
b/dependencies/hudi-spark3-bundle_2.12.txt
index 25f17477744..d23492ddf94 100644
--- a/dependencies/hudi-spark3-bundle_2.12.txt
+++ b/dependencies/hudi-spark3-bundle_2.12.txt
@@ -50,7 +50,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/dependencies/hudi-timeline-server-bundle.txt 
b/dependencies/hudi-timeline-server-bundle.txt
index 3042a1af5ad..4b9cea977ff 100644
--- a/dependencies/hudi-timeline-server-bundle.txt
+++ b/dependencies/hudi-timeline-server-bundle.txt
@@ -33,7 +33,7 @@ 
commons-configuration/commons-configuration/1.6//commons-configuration-1.6.jar
 commons-daemon/commons-daemon/1.0.13//commons-daemon-1.0.13.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
 commons-math/org.apache.commons/2.2//commons-math-2.2.jar
diff --git a/dependencies/hudi-utilities-bundle_2.11.txt 
b/dependencies/hudi-utilities-bundle_2.11.txt
index d884e59098a..ee5f0982b91 100644
--- a/dependencies/hudi-utilities-bundle_2.11.txt
+++ b/dependencies/hudi-utilities-bundle_2.11.txt
@@ -64,7 +64,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/dependencies/hudi-utilities-bundle_2.12.txt 
b/dependencies/hudi-utilities-bundle_2.12.txt
index 468492edfe3..48e353450ad 100644
--- a/dependencies/hudi-utilities-bundle_2.12.txt
+++ b/dependencies/hudi-utilities-bundle_2.12.txt
@@ -64,7 +64,7 @@ commons-dbcp/commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/commons-digester/1.8//commons-digester-1.8.jar
 commons-el/commons-el/1.0//commons-el-1.0.jar
 commons-httpclient/commons-httpclient/3.1//commons-httpclient-3.1.jar
-commons-io/commons-io/2.4//commons-io-2.4.jar
+commons-io/commons-io/2.14.0//commons-io-2.14.0.jar
 commons-lang/commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/org.apache.commons/3.1//commons-lang3-3.1.jar
 commons-logging/commons-logging/1.2//commons-logging-1.2.jar
diff --git a/pom.xml b/pom.xml
index 0804f10fecd..386545c29d7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -172,7 +172,7 @@
     <avro.version>1.11.4</avro.version>
     <bijection-avro.version>0.9.8</bijection-avro.version>
     <caffeine.version>2.9.1</caffeine.version>
-    <commons.io.version>2.11.0</commons.io.version>
+    <commons.io.version>2.14.0</commons.io.version>
     <scala12.version>2.12.15</scala12.version>
     <scala13.version>2.13.8</scala13.version>
     <scala.version>${scala12.version}</scala.version>

Reply via email to