[pulsar] 14/19: Exclude the Netty Reactive Stream from asynchttpclient (#16312)

Sat, 09 Jul 2022 23:52:52 -0700 

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit b5479ee6e459b3d4b6270d72b0a2013057b00b9c
Author: Yong Zhang <[email protected]>
AuthorDate: Tue Jul 5 14:48:34 2022 +0800

    Exclude the Netty Reactive Stream from asynchttpclient (#16312)
    
    * Exclude the Netty Reactive Stream from asynchttpclient
    ---
    
    *Motivation*
    
    We upgrade the Netty Reactive Stream in the PR #15990,
    but the asynchttpclient still uses it. We should use
    our project dependency to address the CVE.
    
    * Add the related dependency to the sub module
    
    (cherry picked from commit f9e89edee9ccb88c3656443b1cf6ffbb0aa1ac55)
---
 pom.xml                     | 4 ++++
 pulsar-client-tools/pom.xml | 4 ++++
 pulsar-client/pom.xml       | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/pom.xml b/pom.xml
index 9ee55f369d0..724321f7d65 100644
--- a/pom.xml
+++ b/pom.xml
@@ -278,6 +278,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>io.netty</groupId>
             <artifactId>*</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>com.typesafe.netty</groupId>
+            <artifactId>netty-reactive-streams</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
 
diff --git a/pulsar-client-tools/pom.xml b/pulsar-client-tools/pom.xml
index fd750446984..239f35262fc 100644
--- a/pulsar-client-tools/pom.xml
+++ b/pulsar-client-tools/pom.xml
@@ -72,6 +72,10 @@
       <groupId>org.asynchttpclient</groupId>
       <artifactId>async-http-client</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.typesafe.netty</groupId>
+      <artifactId>netty-reactive-streams</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml
index cfb49ba338d..b858a5fb783 100644
--- a/pulsar-client/pom.xml
+++ b/pulsar-client/pom.xml
@@ -94,6 +94,11 @@
       <artifactId>async-http-client</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>com.typesafe.netty</groupId>
+      <artifactId>netty-reactive-streams</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>

Reply via email to