This is an automated email from the ASF dual-hosted git repository.

dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new 20e189bd77 [INLONG-8685][Sort] Fix the denial of service due to parser 
crash (#8715)
20e189bd77 is described below

commit 20e189bd77579772e7f08560f0def4b905c46d2e
Author: cc0924 <[email protected]>
AuthorDate: Tue Aug 15 18:32:27 2023 +0800

    [INLONG-8685][Sort] Fix the denial of service due to parser crash (#8715)
    
    Co-authored-by: Charles Zhang <[email protected]>
---
 inlong-manager/manager-service/pom.xml                           | 9 +++++++++
 .../sort-flink/sort-flink-v1.13/sort-connectors/hudi/pom.xml     | 1 -
 licenses/inlong-manager/LICENSE                                  | 2 +-
 licenses/inlong-sort-connectors/LICENSE                          | 2 +-
 licenses/inlong-sort-standalone/LICENSE                          | 2 +-
 pom.xml                                                          | 1 +
 6 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/inlong-manager/manager-service/pom.xml 
b/inlong-manager/manager-service/pom.xml
index f421c84fce..0b1c499601 100644
--- a/inlong-manager/manager-service/pom.xml
+++ b/inlong-manager/manager-service/pom.xml
@@ -500,8 +500,17 @@
                     <groupId>net.minidev</groupId>
                     <artifactId>json-smart</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.woodstox</groupId>
+                    <artifactId>woodstox-core</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>com.fasterxml.woodstox</groupId>
+            <artifactId>woodstox-core</artifactId>
+            <version>${woodstox-core.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-mapreduce-client-core</artifactId>
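Review bot: The new direct `woodstox-core` dependency carries no comment saying why it is declared, so a later cleanup (for example after an unused-dependency report) could drop it and silently return this module to the older transitive parser. A short comment above the added `<dependency>` would guard against that, e.g. `<!-- Pinned for INLONG-8685 (parser-crash DoS); keep until the transitive version is at least ${woodstox-core.version} -->`. The dependency whose `<exclusions>` list gains the woodstox entry opens above this hunk, so the artifact that pulled in the old version is not visible here; naming it in the comment would help whoever revisits the pin.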
diff --git 
a/inlong-sort/sort-flink/sort-flink-v1.13/sort-connectors/hudi/pom.xml 
b/inlong-sort/sort-flink/sort-flink-v1.13/sort-connectors/hudi/pom.xml
index de73a9b500..873bf37530 100644
--- a/inlong-sort/sort-flink/sort-flink-v1.13/sort-connectors/hudi/pom.xml
+++ b/inlong-sort/sort-flink/sort-flink-v1.13/sort-connectors/hudi/pom.xml
@@ -32,7 +32,6 @@
         
<inlong.root.dir>${project.parent.parent.parent.parent.parent.basedir}</inlong.root.dir>
         <stax2-api.version>4.2.1</stax2-api.version>
         <guava.version>31.0.1-jre</guava.version>
-        <woodstox-core.version>5.3.0</woodstox-core.version>
     </properties>
 
     <dependencies>
diff --git a/licenses/inlong-manager/LICENSE b/licenses/inlong-manager/LICENSE
index acbbf6bc96..2b0854c3fa 100644
--- a/licenses/inlong-manager/LICENSE
+++ b/licenses/inlong-manager/LICENSE
@@ -587,7 +587,7 @@ The text of each license is the standard Apache 2.0 license.
   org.apache.twill:twill-discovery-api:0.6.0-incubating - Apache Twill 
discovery service API (https://twill.apache.org/), (The Apache Software 
License, Version 2.0)
   org.apache.twill:twill-discovery-core:0.6.0-incubating - Apache Twill 
discovery service implementations (https://twill.apache.org/), (The Apache 
Software License, Version 2.0)
   org.apache.twill:twill-zookeeper:0.6.0-incubating - Apache Twill ZooKeeper 
client library (https://twill.apache.org/), (The Apache Software License, 
Version 2.0)
-  com.fasterxml.woodstox:woodstox-core:5.0.3 - Woodstox 
(https://github.com/FasterXML/woodstox/tree/woodstox-core-5.0.3), (The Apache 
License, Version 2.0)
+  com.fasterxml.woodstox:woodstox-core:5.4.0 - Woodstox 
(https://github.com/FasterXML/woodstox/tree/woodstox-core-5.4.0), (The Apache 
License, Version 2.0)
   xerces:xercesImpl:2.12.0 - Xerces2 Java Parser 
(http://xerces.apache.org/xerces2-j), (The Apache License, Version 2.0)
   xml-apis:xml-apis:1.4.01 - XML Commons External Components XML APIs 
(http://xml.apache.org/commons/components/external/), (The Apache Software 
License, Version 2.0), (Apache 2.0, The SAX License, The W3C License)
   org.apache.zookeeper:zookeeper:3.6.3 - Apache ZooKeeper - Server 
(https://github.com/apache/zookeeper/tree/release-3.6.3/zookeeper-server), 
(Apache License, Version 2.0)
diff --git a/licenses/inlong-sort-connectors/LICENSE 
b/licenses/inlong-sort-connectors/LICENSE
index ec366eb875..d631d5551d 100644
--- a/licenses/inlong-sort-connectors/LICENSE
+++ b/licenses/inlong-sort-connectors/LICENSE
@@ -959,7 +959,7 @@ The text of each license is the standard Apache 2.0 license.
   org.xerial.snappy:snappy-java:1.1.10.1 - snappy-java 
(https://github.com/xerial/snappy-java), (Apache-2.0)
   com.tdunning:t-digest:3.2 - T-Digest 
(https://github.com/tdunning/t-digest/tree/t-digest-3.2), (The Apache Software 
License, Version 2.0)
   javax.validation:validation-api:1.1.0.Final - Bean Validation API 
(http://beanvalidation.org), (The Apache Software License, Version 2.0)
-  com.fasterxml.woodstox:woodstox-core:5.0.3 - Woodstox 
(https://github.com/FasterXML/woodstox/tree/woodstox-core-5.0.3), (The Apache 
License, Version 2.0)
+  com.fasterxml.woodstox:woodstox-core:5.4.0 - Woodstox 
(https://github.com/FasterXML/woodstox/tree/woodstox-core-5.4.0), (The Apache 
License, Version 2.0)
   org.apache.zookeeper:zookeeper:3.4.14 - Apache ZooKeeper - Server 
(https://github.com/apache/zookeeper/tree/release-3.4.14/zookeeper-server), 
(Apache License, Version 2.0)
   org.ini4j:ini4j:0.5.1 - ini4j (https://sourceforge.net/projects/ini4j), (The 
Apache Software License, Version 2.0)
   org.apache.doris:flink-doris-connector-1.13_2.11:1.0.3 - Flink Connector for 
Apache Doris 
(https://github.com/apache/doris-flink-connector/tree/1.13_2.11-1.0.3), (The 
Apache Software License, Version 2.0)
diff --git a/licenses/inlong-sort-standalone/LICENSE 
b/licenses/inlong-sort-standalone/LICENSE
index 1e68650349..3c6ed21021 100644
--- a/licenses/inlong-sort-standalone/LICENSE
+++ b/licenses/inlong-sort-standalone/LICENSE
@@ -487,7 +487,7 @@ The text of each license is the standard Apache 2.0 license.
   com.tencentcloudapi.cls:tencentcloud-cls-sdk-java:1.0.9 - 
tencentcloud-cls-sdk-java 
(https://github.com/TencentCloud/tencentcloud-cls-sdk-java/tree/v1.0.9), 
(Apache License, Version 2.0)
   javax.validation:validation-api:1.1.0.Final - Bean Validation API 
(http://beanvalidation.org), (The Apache Software License, Version 2.0)
   org.apache.velocity:velocity-engine-core:2.3 - Apache Velocity - Engine 
(https://github.com/apache/velocity-engine/tree/2.3/velocity-engine-core), 
(Apache License, Version 2.0)
-  com.fasterxml.woodstox:woodstox-core:5.0.3 - Woodstox 
(https://github.com/FasterXML/woodstox/tree/woodstox-core-5.0.3), (The Apache 
License, Version 2.0)
+  com.fasterxml.woodstox:woodstox-core:5.4.0 - Woodstox 
(https://github.com/FasterXML/woodstox/tree/woodstox-core-5.4.0), (The Apache 
License, Version 2.0)
   xerces:xercesImpl:2.12.0 - Xerces2 Java Parser 
(http://xerces.apache.org/xerces2-j), (The Apache License, Version 2.0)
   xml-apis:xml-apis:1.4.01 - XML Commons External Components XML APIs 
(http://xml.apache.org/commons/components/external/), (The Apache Software 
License, Version 2.0), (Apache 2.0, The SAX License, The W3C License)
   org.apache.zookeeper:zookeeper:3.6.3 - Apache ZooKeeper - Server 
(https://github.com/apache/zookeeper/tree/release-3.6.3/zookeeper-server), 
(Apache License, Version 2.0)
diff --git a/pom.xml b/pom.xml
index 7bbe9a9c98..58209d6b51 100644
--- a/pom.xml
+++ b/pom.xml
@@ -201,6 +201,7 @@
         <tomcat.version>8.5.53</tomcat.version>
         <jedis.version>2.9.0</jedis.version>
         <poi.version>5.2.3</poi.version>
+        <woodstox-core.version>5.4.0</woodstox-core.version>
     </properties>
 
     <dependencyManagement>
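Review bot: Defining `woodstox-core.version` here does not by itself change what any module resolves; only poms that reference the property pick up 5.4.0. In this commit that is manager-service and, presumably, the hudi connector whose local 5.3.0 property is removed, yet the LICENSE files for sort-connectors and sort-standalone are also updated to 5.4.0 without a visible pom change for sort-standalone. If the `<dependencyManagement>` section that opens on the last line of this hunk does not already manage woodstox-core (its body is outside the hunk), a managed entry there would pin every transitive path at once. Running `mvn dependency:tree -Dincludes=com.fasterxml.woodstox:woodstox-core` on each shipped module would confirm that the resolved version matches what the LICENSE files now state.

```xml
    <dependencyManagement>
        <!-- … unchanged: existing managed dependencies … -->
            <dependency>
                <groupId>com.fasterxml.woodstox</groupId>
                <artifactId>woodstox-core</artifactId>
                <version>${woodstox-core.version}</version>
            </dependency>
```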
