This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 650e77753b HDDS-10459. Bump snappy-java to 1.1.10.5 (#6324)
650e77753b is described below
commit 650e77753b50fa4cc52f097be28416f888006635
Author: Slava Tutrinov <[email protected]>
AuthorDate: Mon Mar 4 15:26:00 2024 +0300
HDDS-10459. Bump snappy-java to 1.1.10.5 (#6324)
Fixes:
- CVE-2023-34453
- CVE-2023-34454
- CVE-2023-34455
---
hadoop-hdds/hadoop-dependency-client/pom.xml | 8 ++++++++
hadoop-hdds/hadoop-dependency-server/pom.xml | 8 ++++++++
pom.xml | 6 ++++++
3 files changed, 22 insertions(+)
diff --git a/hadoop-hdds/hadoop-dependency-client/pom.xml
b/hadoop-hdds/hadoop-dependency-client/pom.xml
index d2a8372bdd..f29232090f 100644
--- a/hadoop-hdds/hadoop-dependency-client/pom.xml
+++ b/hadoop-hdds/hadoop-dependency-client/pom.xml
@@ -43,6 +43,10 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd";>
<artifactId>hadoop-common</artifactId>
<version>${hadoop.version}</version>
<exclusions>
+ <exclusion>
+ <groupId>org.xerial.snappy</groupId>
+ <artifactId>snappy-java</artifactId>
+ </exclusion>
<exclusion>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-annotations</artifactId>
@@ -290,5 +294,9 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd";>
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.xerial.snappy</groupId>
+ <artifactId>snappy-java</artifactId>
+ </dependency>
</dependencies>
</project>
diff --git a/hadoop-hdds/hadoop-dependency-server/pom.xml
b/hadoop-hdds/hadoop-dependency-server/pom.xml
index feaf3de5a1..82e4c33325 100644
--- a/hadoop-hdds/hadoop-dependency-server/pom.xml
+++ b/hadoop-hdds/hadoop-dependency-server/pom.xml
@@ -43,6 +43,10 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd";>
<artifactId>hadoop-common</artifactId>
<version>${hadoop.version}</version>
<exclusions>
+ <exclusion>
+ <groupId>org.xerial.snappy</groupId>
+ <artifactId>snappy-java</artifactId>
+ </exclusion>
<exclusion>
<groupId>org.apache.curator</groupId>
<artifactId>*</artifactId>
@@ -138,5 +142,9 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd";>
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.xerial.snappy</groupId>
+ <artifactId>snappy-java</artifactId>
+ </dependency>
</dependencies>
</project>
diff --git a/pom.xml b/pom.xml
index 4de8939083..898b675893 100644
--- a/pom.xml
+++ b/pom.xml
@@ -306,6 +306,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xs
<native.lib.tmp.dir></native.lib.tmp.dir>
<properties.maven.plugin.version>1.2.1</properties.maven.plugin.version>
<maven.core.version>3.9.6</maven.core.version>
+ <snappy-java.version>1.1.10.5</snappy-java.version>
</properties>
<dependencyManagement>
@@ -1548,6 +1549,11 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xs
<artifactId>mockito-inline</artifactId>
<version>${mockito.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.xerial.snappy</groupId>
+ <artifactId>snappy-java</artifactId>
+ <version>${snappy-java.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
