This is an automated email from the ASF dual-hosted git repository.
dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git
The following commit(s) were added to refs/heads/master by this push:
new ae15c8bfc9 [INLONG-8682][Security] Fix the Guava vulnerable to
insecure use of temporary directory (#8733)
ae15c8bfc9 is described below
commit ae15c8bfc9582f0457cfdcd25497d1881f23d5c7
Author: Every365 <[email protected]>
AuthorDate: Wed Aug 16 16:34:42 2023 +0800
[INLONG-8682][Security] Fix the Guava vulnerable to insecure use of
temporary directory (#8733)
Co-authored-by: root <[email protected]>
---
licenses/inlong-agent/LICENSE | 2 +-
licenses/inlong-audit/LICENSE | 2 +-
licenses/inlong-dataproxy/LICENSE | 4 ++--
licenses/inlong-manager/LICENSE | 2 +-
licenses/inlong-sort-connectors/LICENSE | 2 +-
licenses/inlong-sort/LICENSE | 2 +-
licenses/inlong-tubemq-manager/LICENSE | 2 +-
licenses/inlong-tubemq-server/LICENSE | 2 +-
pom.xml | 2 +-
9 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/licenses/inlong-agent/LICENSE b/licenses/inlong-agent/LICENSE
index debb9d8e35..7939942332 100644
--- a/licenses/inlong-agent/LICENSE
+++ b/licenses/inlong-agent/LICENSE
@@ -388,7 +388,7 @@ The text of each license is the standard Apache 2.0 license.
org.apache.flume:flume-ng-sdk:1.9.0 - Flume NG SDK
(https://github.com/apache/flume/tree/flume-1.9/flume-ng-sdk), (The Apache
Software License, Version 2.0)
org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:1.9.0 -
Flume NG Spillable Memory channel
(https://github.com/apache/flume/tree/flume-1.9/flume-ng-channels/flume-spillable-memory-channel),
(The Apache Software License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
org.apache.httpcomponents:httpclient:4.5.13 - Apache HttpClient
(http://hc.apache.org/httpcomponents-client), (Apache License, Version 2.0)
org.apache.httpcomponents:httpcore:4.4.14 - Apache HttpCore
(http://hc.apache.org/httpcomponents-core-ga), (Apache License, Version 2.0)
org.schwering:irclib:1.10 - IRC client library
(http://moepii.sourceforge.net), (The Apache Software License, Version 2.0,
Eclipse Public License, Version 1.0; GNU LESSER GENERAL PUBLIC LICENSE,
Version 2.1)
diff --git a/licenses/inlong-audit/LICENSE b/licenses/inlong-audit/LICENSE
index 5ad3f32856..5f0dcb7cc6 100644
--- a/licenses/inlong-audit/LICENSE
+++ b/licenses/inlong-audit/LICENSE
@@ -383,7 +383,7 @@ The text of each license is the standard Apache 2.0 license.
org.apache.flume:flume-ng-sdk:1.9.0 - Flume NG SDK
(https://github.com/apache/flume/tree/flume-1.9/flume-ng-sdk), (The Apache
Software License, Version 2.0)
org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:1.9.0 -
Flume NG Spillable Memory channel
(https://github.com/apache/flume/tree/flume-1.9/flume-ng-channels/flume-spillable-memory-channel),
(The Apache Software License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
com.zaxxer:HikariCP:4.0.3 - HikariCP
(https://github.com/brettwooldridge/HikariCP/tree/HikariCP-4.0.3), (The Apache
Software License, Version 2.0)
org.apache.httpcomponents:httpasyncclient:4.1.2 - Apache HttpAsyncClient
(http://hc.apache.org/httpcomponents-asyncclient), (Apache License, Version 2.0)
org.apache.httpcomponents:httpclient:4.5.13 - Apache HttpClient
(http://hc.apache.org/httpcomponents-client), (Apache License, Version 2.0)
diff --git a/licenses/inlong-dataproxy/LICENSE
b/licenses/inlong-dataproxy/LICENSE
index 7efa0e3cf1..b5987f3a3f 100644
--- a/licenses/inlong-dataproxy/LICENSE
+++ b/licenses/inlong-dataproxy/LICENSE
@@ -363,7 +363,7 @@ The text of each license is the standard Apache 2.0 license.
com.google.guava:failureaccess:1.0.1 - Guava InternalFutureFailureAccess and
InternalFutures (https://github.com/google/guava/tree/failureaccess-v1.0.1),
(The Apache Software License, Version 2.0)
com.alibaba:fastjson:1.2.83 - fastjson
(https://github.com/alibaba/fastjson), (Apache 2)
org.apache.flume.flume-ng-channels:flume-file-channel:1.10.0 - Flume NG
file-based channel
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-channels/flume-file-channel),
(The Apache Software License, Version 2.0)
- org.apache.flume.flume-ng-sinks:flume-hdfs-sink:1.10.0 - Flume NG HDFS Sink
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-sinks/flume-hdfs-sink),
(The Apache Software License, Version 2.0)
+ org.apache.flume.flume-ng-32.1.2sinks:flume-hdfs-sink:1.10.0 - Flume NG HDFS
Sink
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-sinks/flume-hdfs-sink),
(The Apache Software License, Version 2.0)
org.apache.flume.flume-ng-sinks:flume-irc-sink:1.10.0 - Flume NG IRC Sink
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-sinks/flume-irc-sink),
(The Apache Software License, Version 2.0)
org.apache.flume.flume-ng-channels:flume-jdbc-channel:1.10.0 - Flume NG JDBC
channel
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-channels/flume-jdbc-channel),
(The Apache Software License, Version 2.0)
org.apache.flume:flume-ng-auth:1.10.0 - Flume Auth
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-auth), (The Apache
Software License, Version 2.0)
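Review bot: The added flume-hdfs-sink entry in this hunk has a corrupted group id, `org.apache.flume.flume-ng-32.1.2sinks`, where the removed line had `org.apache.flume.flume-ng-sinks`. The Guava version string appears to have landed in an unrelated coordinate. This entry should be left unchanged, which would also bring this file's diffstat (4 changed lines) in line with the single-entry change in the other LICENSE files.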
@@ -374,7 +374,7 @@ The text of each license is the standard Apache 2.0 license.
org.apache.flume:flume-ng-sdk:1.10.0 - Flume NG SDK
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-sdk), (The Apache
Software License, Version 2.0)
org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:1.10.0 -
Flume NG Spillable Memory channel
(https://github.com/apache/flume/tree/flume-1.10.0/flume-ng-channels/flume-spillable-memory-channel),
(The Apache Software License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
org.apache.httpcomponents:httpclient:4.5.13 - Apache HttpClient
(https://hc.apache.org/httpcomponents-client-4.5.x), (Apache License, Version
2.0)
org.apache.httpcomponents:httpcore:4.4.14 - Apache HttpCore
(https://hc.apache.org/httpcomponents-core-4.4.x), (Apache License, Version 2.0)
org.schwering:irclib:1.10 - IRC client library
(http://moepii.sourceforge.net), (The Apache Software License, Version 2.0),
(Apache 2.0 and EPL 1.0 and LGPL 2.1)
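Review bot: The added Guava entry in this hunk reads `com.google.guava:guava:-jre`, with the version number missing before `-jre`. Every other LICENSE file in this commit records `32.1.2-jre`, matching `guava.version` in pom.xml, so the line should read `com.google.guava:guava:32.1.2-jre`. The missing `32.1.2` looks like the same text that ended up inside the flume-hdfs-sink group id in the previous hunk of this file.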
diff --git a/licenses/inlong-manager/LICENSE b/licenses/inlong-manager/LICENSE
index 55c6342c72..75dd8c3917 100644
--- a/licenses/inlong-manager/LICENSE
+++ b/licenses/inlong-manager/LICENSE
@@ -426,7 +426,7 @@ The text of each license is the standard Apache 2.0 license.
org.apache.flink:flink-table-runtime-blink_2.11:1.13.5 - Flink : Table :
Runtime Blink
(https://flink.apache.org/flink-table/flink-table-runtime-blink_2.11), (The
Apache Software License, Version 2.0)
org.apache.flink:force-shading:1.13.5 - Flink : Tools : Force Shading
(https://github.com/apache/flink/tree/release-1.13.5/tools/force-shading), (The
Apache Software License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
com.google.inject:guice:3.0 - Google Guice - Core Library
(https://github.com/google/guice), (The Apache Software License, Version 2.0)
com.google.inject.extensions:guice-assistedinject:3.0 - Google Guice -
Extensions - AssistedInject
(https://github.com/google/guice/tree/3.0/extensions/assistedinject), (The
Apache Software License, Version 2.0)
com.google.inject.extensions:guice-servlet:3.0 - Google Guice - Extensions -
Servlet (https://github.com/google/guice), (The Apache Software License,
Version 2.0)
diff --git a/licenses/inlong-sort-connectors/LICENSE
b/licenses/inlong-sort-connectors/LICENSE
index 1ae494461e..26c1d9ee15 100644
--- a/licenses/inlong-sort-connectors/LICENSE
+++ b/licenses/inlong-sort-connectors/LICENSE
@@ -846,7 +846,7 @@ The text of each license is the standard Apache 2.0 license.
org.apache.flink:flink-shaded-guava:18.0-13.0 - flink-shaded-guava-18
(https://github.com/apache/flink-shaded/tree/release-13.0/flink-shaded-guava-18),
(The Apache Software License, Version 2.0)
org.apache.flink:force-shading:1.13.5 - Flink : Tools : Force Shading
(https://github.com/apache/flink/tree/release-1.13/tools/force-shading),
(Apache License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
com.google.inject:guice:4.0 - Google Guice - Core Library
(https://github.com/google/guice), (The Apache Software License, Version 2.0)
com.google.inject.extensions:guice-servlet:4.0 - Google Guice - Extensions -
Servlet (https://github.com/google/guice), (The Apache Software License,
Version 2.0)
org.apache.hbase:hbase-client:2.2.3 - Apache HBase - Client
(https://hbase.apache.org/), (Apache License, Version 2.0)
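Review bot: The context at the top of this hunk still lists `org.apache.flink:flink-shaded-guava:18.0-13.0`, a relocated Guava copy that the `guava.version` bump does not touch. If the goal is to clear the temporary-directory finding for the sort-connectors bundle, confirm whether that shaded artifact is reported by the same scan, and record in the PR why it stays if it cannot be upgraded.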
diff --git a/licenses/inlong-sort/LICENSE b/licenses/inlong-sort/LICENSE
index 6fb0a06952..8f798137e7 100644
--- a/licenses/inlong-sort/LICENSE
+++ b/licenses/inlong-sort/LICENSE
@@ -387,7 +387,7 @@ The text of each license is the standard Apache 2.0 license.
org.apache.flink:flink-sql-parquet_2.11:1.13.5 - Flink : Formats : SQL
Parquet (https://flink.apache.org/flink-formats/flink-sql-parquet_2.11)
org.apache.flink:force-shading:1.13.5 - Flink : Tools : Force Shading
(https://www.apache.org/force-shading/), (Apache License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
org.apache.httpcomponents:httpclient:4.5.13 - Apache HttpClient
(https://hc.apache.org/httpcomponents-client-4.5.x/index.html), (Apache
License, Version 2.0)
org.apache.httpcomponents:httpcore:4.4.14 - Apache HttpCore
(https://hc.apache.org/httpcomponents-core-4.4.x/index.html), (Apache License,
Version 2.0)
com.google.j2objc:j2objc-annotations:1.3 - J2ObjC Annotations
(https://github.com/google/j2objc/), (The Apache Software License, Version 2.0)
diff --git a/licenses/inlong-tubemq-manager/LICENSE
b/licenses/inlong-tubemq-manager/LICENSE
index 9e5ca8f38b..003ac749f1 100644
--- a/licenses/inlong-tubemq-manager/LICENSE
+++ b/licenses/inlong-tubemq-manager/LICENSE
@@ -371,7 +371,7 @@ The text of each license is the standard Apache 2.0 license.
commons-logging:commons-logging:1.2 - Apache Commons Logging
(https://commons.apache.org/proper/commons-logging), (The Apache Software
License, Version 2.0)
org.atteo:evo-inflector:1.3 - Evo Inflector
(https://github.com/atteo/evo-inflector), (Apache License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(http://code.google.com/p/guava-libraries/guava), (The Apache Software License,
Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(http://code.google.com/p/guava-libraries/guava), (The Apache Software License,
Version 2.0)
com.zaxxer:HikariCP:4.0.3 - HikariCP
(https://github.com/brettwooldridge/HikariCP/tree/HikariCP-4.0.3), (The Apache
Software License, Version 2.0)
org.apache.httpcomponents:httpclient:4.5.13 - Apache HttpClient
(https://hc.apache.org/httpcomponents-client-4.5.x), (Apache License, Version
2.0)
org.apache.httpcomponents:httpcore:4.4.14 - Apache HttpCore
(https://hc.apache.org/httpcomponents-core-4.4.x), (Apache License, Version 2.0)
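Review bot: The new Guava entry in this hunk keeps the older project URL `http://code.google.com/p/guava-libraries/guava` and the label "The Apache Software License, Version 2.0", while the other LICENSE files in this commit use `https://github.com/google/guava` and "Apache License, Version 2.0". Since the line is being rewritten anyway, aligning it with the others would keep the Guava entries consistent across modules.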
diff --git a/licenses/inlong-tubemq-server/LICENSE
b/licenses/inlong-tubemq-server/LICENSE
index 15521aeabe..b5418502d8 100644
--- a/licenses/inlong-tubemq-server/LICENSE
+++ b/licenses/inlong-tubemq-server/LICENSE
@@ -377,7 +377,7 @@ The text of each license is the standard Apache 2.0 license.
com.google.errorprone:error_prone_annotations:2.7.1 - error-prone
annotations (https://github.com/google/error-prone), (Apache 2.0)
com.google.guava:failureaccess:1.0.1 - Guava InternalFutureFailureAccess and
InternalFutures (https://github.com/google/guava/tree/failureaccess-v1.0.1),
(The Apache Software License, Version 2.0)
com.google.code.gson:gson:2.8.6 - Gson
(https://github.com/google/gson/gson), (Apache 2.0)
- com.google.guava:guava:31.0.1-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
+ com.google.guava:guava:32.1.2-jre - Guava: Google Core Libraries for Java
(https://github.com/google/guava), (Apache License, Version 2.0)
org.apache.httpcomponents:httpclient:4.5.13 - Apache HttpClient
(https://hc.apache.org/httpcomponents-client-4.5.x), (Apache License, Version
2.0)
org.apache.httpcomponents:httpcore:4.4.14 - Apache HttpCore
(https://hc.apache.org/httpcomponents-core-4.4.x), (Apache License, Version 2.0)
org.ini4j:ini4j:0.5.1 - ini4j (http://ini4j.sourceforge.net), (Apache 2)
diff --git a/pom.xml b/pom.xml
index 85108c8200..da81741fa2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -126,7 +126,7 @@
<commons.collections.version>3.2.2</commons.collections.version>
<commons.collections4.version>4.3</commons.collections4.version>
- <guava.version>31.0.1-jre</guava.version>
+ <guava.version>32.1.2-jre</guava.version>
<lombok.version>1.18.22</lombok.version>
<jetty.version>9.4.51.v20230217</jetty.version>
<opencsv.version>5.4</opencsv.version>
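Review bot: Only the `guava.version` property changes in this hunk, and nothing visible shows where that property is consumed or that it overrides Guava versions pulled in transitively. Please state in the PR that `mvn dependency:tree -Dincludes=com.google.guava:guava` resolves to 32.1.2-jre in every module. The commit message also does not name the advisory being addressed, and adding that reference would let reviewers check that 32.1.2-jre is the intended fixed version.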