[pulsar] 01/12: Exclude the Netty Reactive Stream from asynchttpclient (#16312)

Wed, 10 Aug 2022 08:17:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

mattisonchao pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit ba24b40a1f9e9eb3c394e7180149532161829198
Author: Yong Zhang <[email protected]>
AuthorDate: Tue Jul 5 14:48:34 2022 +0800

    Exclude the Netty Reactive Stream from asynchttpclient (#16312)
    
    * Exclude the Netty Reactive Stream from asynchttpclient
    ---
    
    *Motivation*
    
    We upgrade the Netty Reactive Stream in the PR #15990,
    but the asynchttpclient still uses it. We should use
    our project dependency to address the CVE.
    
    * Add the related dependency to the sub module
    
    (cherry picked from commit f9e89edee9ccb88c3656443b1cf6ffbb0aa1ac55)
---
 pom.xml                     | 4 ++++
 pulsar-client-tools/pom.xml | 4 ++++
 pulsar-client/pom.xml       | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/pom.xml b/pom.xml
index 64be13ca11d..b17952cfc3c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -272,6 +272,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>io.netty</groupId>
             <artifactId>*</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>com.typesafe.netty</groupId>
+            <artifactId>netty-reactive-streams</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
 
diff --git a/pulsar-client-tools/pom.xml b/pulsar-client-tools/pom.xml
index c20458d5129..d74731449db 100644
--- a/pulsar-client-tools/pom.xml
+++ b/pulsar-client-tools/pom.xml
@@ -72,6 +72,10 @@
       <groupId>org.asynchttpclient</groupId>
       <artifactId>async-http-client</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.typesafe.netty</groupId>
+      <artifactId>netty-reactive-streams</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml
index 233b4f9e5b4..ebac828acb1 100644
--- a/pulsar-client/pom.xml
+++ b/pulsar-client/pom.xml
@@ -94,6 +94,11 @@
       <artifactId>async-http-client</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>com.typesafe.netty</groupId>
+      <artifactId>netty-reactive-streams</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>

Reply via email to