[pinot] branch master updated: upgrade netty due to security vulnerability (#8328)

siddteotia Wed, 09 Mar 2022 14:55:49 -0800

This is an automated email from the ASF dual-hosted git repository.

siddteotia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git



The following commit(s) were added to refs/heads/master by this push:
     new b0f5d16  upgrade netty due to security vulnerability (#8328)
b0f5d16 is described below

commit b0f5d1658d87230061615d6dc9ccbc1792b0a2b4
Author: Sharayu Deepak Gandhi <[email protected]>
AuthorDate: Wed Mar 9 14:54:57 2022 -0800

    upgrade netty due to security vulnerability (#8328)
---
 LICENSE-binary                                     | 34 +++++++++++-----------
 pinot-connectors/pinot-flink-connector/pom.xml     |  4 +++
 .../pinot-stream-ingestion/pinot-pulsar/pom.xml    |  8 ++---
 pom.xml                                            |  2 +-
 4 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index def59ed..f50d29e 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -283,24 +283,24 @@ io.grpc:grpc-netty-shaded:1.30.0
 io.grpc:grpc-protobuf-lite:1.19.0
 io.grpc:grpc-protobuf:1.30.0
 io.grpc:grpc-stub:1.30.0
-io.netty:netty-all:4.1.54.Final
-io.netty:netty-buffer:4.1.54.Final
-io.netty:netty-codec-dns:4.1.60.Final
-io.netty:netty-codec-haproxy:4.1.60.Final
-io.netty:netty-codec-http2:4.1.54.Final
-io.netty:netty-codec-http:4.1.54.Final
-io.netty:netty-codec-socks:4.1.54.Final
-io.netty:netty-codec:4.1.54.Final
-io.netty:netty-common:4.1.54.Final
-io.netty:netty-handler-proxy:4.1.54.Final
-io.netty:netty-handler:4.1.54.Final
-io.netty:netty-resolver-dns:4.1.60.Final
-io.netty:netty-resolver:4.1.54.Final
+io.netty:netty-all:4.1.74.Final
+io.netty:netty-buffer:4.1.74.Final
+io.netty:netty-codec-dns:4.1.74.Final
+io.netty:netty-codec-haproxy:4.1.74.Final
+io.netty:netty-codec-http2:4.1.74.Final
+io.netty:netty-codec-http:4.1.74.Final
+io.netty:netty-codec-socks:4.1.74.Final
+io.netty:netty-codec:4.1.74.Final
+io.netty:netty-common:4.1.74.Final
+io.netty:netty-handler-proxy:4.1.74.Final
+io.netty:netty-handler:4.1.74.Final
+io.netty:netty-resolver-dns:4.1.74.Final
+io.netty:netty-resolver:4.1.74.Final
 io.netty:netty-tcnative-boringssl-static:2.0.36.Final
-io.netty:netty-transport-native-epoll:4.1.54.Final
-io.netty:netty-transport-native-kqueue:4.1.54.Final
-io.netty:netty-transport-native-unix-common:4.1.54.Final
-io.netty:netty-transport:4.1.54.Final
+io.netty:netty-transport-native-epoll:4.1.74.Final
+io.netty:netty-transport-native-kqueue:4.1.74.Final
+io.netty:netty-transport-native-unix-common:4.1.74.Final
+io.netty:netty-transport:4.1.74.Final
 io.netty:netty:3.9.6.Final
 io.opencensus:opencensus-api:0.24.0
 io.opencensus:opencensus-contrib-http-util:0.24.0
diff --git a/pinot-connectors/pinot-flink-connector/pom.xml 
b/pinot-connectors/pinot-flink-connector/pom.xml
index 1170564..48782f1 100644
--- a/pinot-connectors/pinot-flink-connector/pom.xml
+++ b/pinot-connectors/pinot-flink-connector/pom.xml
@@ -51,6 +51,10 @@
           <groupId>io.netty</groupId>
           <artifactId>netty-transport-native-unix-common</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>io.netty</groupId>
+          <artifactId>netty-transport-native-kqueue</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
diff --git a/pinot-plugins/pinot-stream-ingestion/pinot-pulsar/pom.xml 
b/pinot-plugins/pinot-stream-ingestion/pinot-pulsar/pom.xml
index 861819a..c1a8755 100644
--- a/pinot-plugins/pinot-stream-ingestion/pinot-pulsar/pom.xml
+++ b/pinot-plugins/pinot-stream-ingestion/pinot-pulsar/pom.xml
@@ -42,7 +42,7 @@
     <javax.servlet-api.version>3.1.0</javax.servlet-api.version>
     <javax.ws.rs-api.version>2.1</javax.ws.rs-api.version>
     
<jersey-container-grizzly2-http.version>2.28</jersey-container-grizzly2-http.version>
-    <netty-io.version>4.1.60.Final</netty-io.version>
+    <netty.version>4.1.74.Final</netty.version>
     <simpleclient_common.version>0.8.1</simpleclient_common.version>
     <grpc-proto.version>1.12.0</grpc-proto.version>
     <grpc-context.version>1.14.0</grpc-context.version>
@@ -269,7 +269,7 @@
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-resolver</artifactId>
-      <version>${netty-io.version}</version>
+      <version>${netty.version}</version>
     </dependency>
     <dependency>
       <groupId>io.prometheus</groupId>
@@ -364,12 +364,12 @@
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-codec-socks</artifactId>
-      <version>${netty-io.version}</version>
+      <version>${netty.version}</version>
     </dependency>
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-transport-native-unix-common</artifactId>
-      <version>${netty-io.version}</version>
+      <version>${netty.version}</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
diff --git a/pom.xml b/pom.xml
index 6317421..f56dbc9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -147,7 +147,7 @@
     <zstd-jni.version>1.4.9-5</zstd-jni.version>
     <lz4-java.version>1.7.1</lz4-java.version>
     <log4j.version>2.17.1</log4j.version>
-    <netty.version>4.1.60.Final</netty.version>
+    <netty.version>4.1.74.Final</netty.version>
     <netty-tcnative.version>2.0.36.Final</netty-tcnative.version>
     <reactivestreams.version>1.0.3</reactivestreams.version>
     <jts.version>1.16.1</jts.version>

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[pinot] branch master updated: upgrade netty due to security vulnerability (#8328)

Reply via email to