This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new b80faa473 [KYUUBI #6177] Bump BouncyCastle from 1.67 to 1.77
b80faa473 is described below
commit b80faa47382620642411c216d09629cf309a0b33
Author: Cheng Pan <[email protected]>
AuthorDate: Wed Mar 13 14:00:12 2024 +0800
[KYUUBI #6177] Bump BouncyCastle from 1.67 to 1.77
# :mag: Description
## Issue References
They have stopped patching the JDK 1.5 jars that Hadoop uses (see
[HADOOP-18540](https://issues.apache.org/jira/browse/HADOOP-18540)).
The new artifacts have similar names - but the names are like
bcprov-jdk18on as opposed to bcprov-jdk15on.
CVE-2023-33201 is an example of a security issue that seems only to be
fixed in the JDK 1.8 artifacts (i.e. no JDK 1.5 jar has the fix).
https://www.bouncycastle.org/releasenotes.html#r1rv77 latest current
release but the CVE was fixed in 1.74.
To be clear, Kyuubi only uses BouncyCastle for testing, the CVE does not
affect Kyuubi distribution.
## Describe Your Solution
Bump BouncyCastle from 1.67 to 1.77, and change the artifactId from
`*-jdk15on` to `*jdk18on`.
## Types of changes :bookmark:
- [ ] Bugfix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
## Test Plan
Pass GA.
---
# Checklist
- [x] This patch was not authored or co-authored using [Generative
Tooling](https://www.apache.org/legal/generative-tooling.html)
**Be nice. Be informative.**
Closes #6177 from pan3793/bouncycastle.
Closes #6177
8595b98c1 [Cheng Pan] Bump BouncyCastle from 1.67 to 1.77
b9e7123f6 [Cheng Pan] Bump bouncycastle from 1.67 to 1.77
Authored-by: Cheng Pan <[email protected]>
Signed-off-by: Cheng Pan <[email protected]>
---
externals/kyuubi-flink-sql-engine/pom.xml | 4 ++--
integration-tests/kyuubi-flink-it/pom.xml | 4 ++--
integration-tests/kyuubi-hive-it/pom.xml | 4 ++--
kyuubi-server/pom.xml | 4 ++--
pom.xml | 11 ++++++++---
5 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/externals/kyuubi-flink-sql-engine/pom.xml
b/externals/kyuubi-flink-sql-engine/pom.xml
index d01f05fed..6bf367d76 100644
--- a/externals/kyuubi-flink-sql-engine/pom.xml
+++ b/externals/kyuubi-flink-sql-engine/pom.xml
@@ -148,13 +148,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<scope>test</scope>
</dependency>
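Review bot: the two renamed test-scoped entries in this hunk carry no exclusions, so nothing in this module's pom stops another test dependency from still pulling `bcprov-jdk15on` or `bcpkix-jdk15on` transitively, which would leave old and new jars with the same `org.bouncycastle` packages side by side on the test classpath. The same applies to the identical hunks in kyuubi-flink-it, kyuubi-hive-it and kyuubi-server. Please confirm with `mvn dependency:tree -Dincludes=org.bouncycastle` in each of the four modules that only `*-jdk18on` artifacts resolve.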
diff --git a/integration-tests/kyuubi-flink-it/pom.xml
b/integration-tests/kyuubi-flink-it/pom.xml
index 15699be1d..5d78492bf 100644
--- a/integration-tests/kyuubi-flink-it/pom.xml
+++ b/integration-tests/kyuubi-flink-it/pom.xml
@@ -88,13 +88,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<scope>test</scope>
</dependency>
diff --git a/integration-tests/kyuubi-hive-it/pom.xml
b/integration-tests/kyuubi-hive-it/pom.xml
index cdd9fa4d9..3f7069a70 100644
--- a/integration-tests/kyuubi-hive-it/pom.xml
+++ b/integration-tests/kyuubi-hive-it/pom.xml
@@ -78,13 +78,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<scope>test</scope>
</dependency>
diff --git a/kyuubi-server/pom.xml b/kyuubi-server/pom.xml
index 50cf9a857..e7d4faa11 100644
--- a/kyuubi-server/pom.xml
+++ b/kyuubi-server/pom.xml
@@ -296,13 +296,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<scope>test</scope>
</dependency>
diff --git a/pom.xml b/pom.xml
index 3dc9d2e57..72c4617de 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,7 +125,7 @@
<antlr.st4.version>4.3.4</antlr.st4.version>
<apache.archive.dist>https://archive.apache.org/dist</apache.archive.dist>
<atlas.version>2.3.0</atlas.version>
- <bouncycastle.version>1.67</bouncycastle.version>
+ <bouncycastle.version>1.77</bouncycastle.version>
<codahale.metrics.version>4.2.23</codahale.metrics.version>
<commons-cli.version>1.5.0</commons-cli.version>
<commons-codec.version>1.15</commons-codec.version>
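Review bot: `bouncycastle.version` on the changed line is now only meaningful for the `*-jdk18on` coordinates, because the `*-jdk15on` line is no longer released at this version; any leftover `*-jdk15on` reference that resolves its version through this property would fail to resolve. A search of the repository for remaining `jdk15on` strings before merging would close that gap, and a short comment beside the property naming the `jdk18on` artifacts it applies to would help the next person who bumps it.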
@@ -1021,6 +1021,11 @@
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</exclusion>
+ <!-- HADOOP-19024: replace bcprov-jdk15on with
bcprov-jdk18on -->
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </exclusion>
</exclusions>
</dependency>
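Review bot: the added exclusion covers only `bcprov-jdk15on`; if the dependency this exclusions block belongs to also brings in `bcpkix-jdk15on`, that jar stays on the classpath beside the managed `bcpkix-jdk18on`. Consider adding a matching exclusion for `bcpkix-jdk15on`, or state in the comment that only bcprov is pulled in here. The comment could also say when the exclusion can be dropped, since it points at HADOOP-19024 without saying which Hadoop version is expected to make it unnecessary.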
@@ -1149,13 +1154,13 @@
<!-- Used by Yarn Mini Cluster 3.3 -->
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
+ <artifactId>bcprov-jdk18on</artifactId>
<version>${bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
+ <artifactId>bcpkix-jdk18on</artifactId>
<version>${bouncycastle.version}</version>
</dependency>
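Review bot: the retained comment `<!-- Used by Yarn Mini Cluster 3.3 -->` above the renamed entries is now misleading, since the exclusion added earlier in this file indicates the Hadoop side still declares `bcprov-jdk15on` and these managed entries are a substitute for it rather than what the mini cluster itself asks for. Suggest rewording the comment to say that the `jdk18on` artifacts replace the `jdk15on` ones expected by Yarn Mini Cluster, with a pointer to the exclusion.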