This is an automated email from the ASF dual-hosted git repository. stigahuang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/impala.git
commit 88067c576b0060b2e5ab8e034444f2a98e7e17e9 Author: Michael Smith <[email protected]> AuthorDate: Wed Feb 5 10:57:28 2025 -0800 IMPALA-13740: Update velocity-engine-core to 2.4.1 Updates velocity-engine-core - required by pac4j - to 2.4.1 to avoid including a shaded version of commons-io vulnerable to CVE-2024-47554. Change-Id: I76624851d6f51d1b9d4dd61fc488932a51e9cba0 Reviewed-on: http://gerrit.cloudera.org:8080/22454 Reviewed-by: Michael Smith <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> Reviewed-by: Peter Rozsa <[email protected]>
---
 bin/impala-config.sh | 1 +
 java/pom.xml | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/bin/impala-config.sh b/bin/impala-config.sh
index d7d0fdf36..7da89e38a 100755
--- a/bin/impala-config.sh
+++ b/bin/impala-config.sh
@@ -278,6 +278,7 @@ export IMPALA_RELOAD4j_VERSION=1.2.22
 export IMPALA_SLF4J_VERSION=2.0.3
 export IMPALA_SPRINGFRAMEWORK_VERSION=5.3.39
 export IMPALA_XMLSEC_VERSION=2.2.6
+export IMPALA_VELOCITY_ENGINE_CORE_VERSION=2.4.1
 export IMPALA_OBS_VERSION=3.1.1-hw-42
 export IMPALA_DBCP2_VERSION=2.9.0
 export IMPALA_DROPWIZARD_METRICS_VERSION=4.2.26
diff --git a/java/pom.xml b/java/pom.xml
index ae5752532..070c5fc51 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -75,11 +75,13 @@ under the License.
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 <iceberg.version>${env.IMPALA_ICEBERG_VERSION}</iceberg.version>
 <pac4j.version>${env.IMPALA_PAC4J_VERSION}</pac4j.version>
- <!-- xmlsec, bcprov-jdk15on and springframework are not used by Impala directly,
- but they are needed by pac4j. This uses newer versions to address CVEs. -->
+ <!-- xmlsec, bcprov-jdk18on, springframework, and velocity-engine-core are not used by
+ Impala directly, but they are needed by pac4j. This uses newer versions to
+ address CVEs. -->
 <xmlsec.version>${env.IMPALA_XMLSEC_VERSION}</xmlsec.version>
 <bouncy-castle.version>${env.IMPALA_BOUNCY_CASTLE_VERSION}</bouncy-castle.version>
 <springframework.version>${env.IMPALA_SPRINGFRAMEWORK_VERSION}</springframework.version>
+ <velocity-engine-core.version>${env.IMPALA_VELOCITY_ENGINE_CORE_VERSION}</velocity-engine-core.version>
 <json-smart.version>${env.IMPALA_JSON_SMART_VERSION}</json-smart.version>
 <commons-dbcp2.version>${env.IMPALA_DBCP2_VERSION}</commons-dbcp2.version>
 <log4j2.version>${env.IMPALA_LOG4J2_VERSION}</log4j2.version>
@@ -342,6 +344,12 @@ under the License.
 <version>${springframework.version}</version>
 </dependency>
 
+ <dependency>
+ <groupId>org.apache.velocity</groupId>
+ <artifactId>velocity-engine-core</artifactId>
+ <version>${velocity-engine-core.version}</version>
+ </dependency>
+
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-databind</artifactId>
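Review bot: The new `velocity-engine-core` `<dependency>` entry in the second hunk has no comment saying why it is pinned; the reason is recorded only in the properties comment roughly 270 lines above and in the commit message. Since Impala does not use the library directly, a later cleanup could drop the entry and let the version pac4j pulls in transitively return, so a line such as `<!-- Needed only by pac4j; pinned so the shaded commons-io affected by CVE-2024-47554 is not pulled in. -->` directly above the entry would help. Because the affected commons-io copy is shaded inside the jar, scanners that match on Maven coordinates may not report a regression, so it is worth confirming on the resolved classpath that only the pinned version is present. The enclosing element starts outside the hunk, so it cannot be told from here whether this entry sits under `<dependencyManagement>` or declares a direct dependency.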
