This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 71dafe89755 [improve] Upgrade wildfly-eytron (used by debezium) to fix
CVE-2022-3143 (#19333)
71dafe89755 is described below
commit 71dafe89755272c1003daaec0457e79a22d663a1
Author: Andrey Yegorov <[email protected]>
AuthorDate: Sat Feb 4 05:04:05 2023 -0800
[improve] Upgrade wildfly-eytron (used by debezium) to fix CVE-2022-3143
(#19333)
---
pom.xml | 4 +++-
pulsar-io/debezium/pom.xml | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 579df6c11d8..3d7a2934da4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -188,6 +188,8 @@ flexible messaging model and an intuitive client
API.</description>
<debezium.version>1.9.7.Final</debezium.version>
<debezium.postgresql.version>42.5.0</debezium.postgresql.version>
<debezium.mysql.version>8.0.30</debezium.mysql.version>
+ <!-- Override version that brings CVE-2022-3143 with debezium -->
+ <wildfly-elytron.version>1.15.16.Final</wildfly-elytron.version>
<jsonwebtoken.version>0.11.1</jsonwebtoken.version>
<opencensus.version>0.28.0</opencensus.version>
<hadoop2.version>2.10.2</hadoop2.version>
@@ -289,7 +291,7 @@ flexible messaging model and an intuitive client
API.</description>
<errorprone-slf4j.version>0.1.4</errorprone-slf4j.version>
<j2objc-annotations.version>1.3</j2objc-annotations.version>
<lightproto-maven-plugin.version>0.4</lightproto-maven-plugin.version>
- <dependency-check-maven.version>7.4.4</dependency-check-maven.version>
+ <dependency-check-maven.version>8.0.1</dependency-check-maven.version>
<roaringbitmap.version>0.9.15</roaringbitmap.version>
<extra-enforcer-rules.version>1.6.1</extra-enforcer-rules.version>
<oshi.version>6.4.0</oshi.version>
diff --git a/pulsar-io/debezium/pom.xml b/pulsar-io/debezium/pom.xml
index 98d0e50971c..b18dba876d2 100644
--- a/pulsar-io/debezium/pom.xml
+++ b/pulsar-io/debezium/pom.xml
@@ -31,6 +31,46 @@
<artifactId>pulsar-io-debezium</artifactId>
<name>Pulsar IO :: Debezium</name>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-digest</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-external</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-gs2</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-oauth2</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-plain</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-scram</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-password-impl</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
<modules>
<module>core</module>
<module>mysql</module>
