[pulsar] branch branch-2.10 updated: [fix][security] Fix secure problem CVE-2017-1000487 (#19479)

Tue, 14 Feb 2023 17:09:00 -0800 

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.10 by this push:
     new fb5477b7d8b [fix][security] Fix secure problem CVE-2017-1000487 
(#19479)
fb5477b7d8b is described below

commit fb5477b7d8b00bba6715ac9ad8cdd059baa6c92e
Author: ran <[email protected]>
AuthorDate: Wed Feb 15 09:08:47 2023 +0800

    [fix][security] Fix secure problem CVE-2017-1000487 (#19479)
---
 pulsar-sql/pom.xml                     |  1 +
 pulsar-sql/presto-distribution/LICENSE |  2 +-
 pulsar-sql/presto-distribution/pom.xml |  9 +++++++++
 pulsar-sql/presto-pulsar/pom.xml       | 11 +++++++++++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/pulsar-sql/pom.xml b/pulsar-sql/pom.xml
index b1c33ae5edd..a3826f3eceb 100644
--- a/pulsar-sql/pom.xml
+++ b/pulsar-sql/pom.xml
@@ -43,6 +43,7 @@
         <okhttp3.version>3.14.9</okhttp3.version>
         <!-- use okio version that matches the okhttp3 version -->
         <okio.version>1.17.2</okio.version>
+        <plexus.version>3.0.16</plexus.version>
     </properties>
 
     <dependencyManagement>
diff --git a/pulsar-sql/presto-distribution/LICENSE 
b/pulsar-sql/presto-distribution/LICENSE
index 53260fba017..320a98d52ae 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -377,7 +377,7 @@ The Apache Software License, Version 2.0
     - plexus-container-default-1.5.5.jar
     - plexus-interpolation-1.14.jar
     - plexus-sec-dispatcher-1.3.jar
-    - plexus-utils-2.0.6.jar
+    - plexus-utils-3.0.16.jar
   * Apache XBean :: Reflect
     - xbean-reflect-3.4.jar
   * Avro
diff --git a/pulsar-sql/presto-distribution/pom.xml 
b/pulsar-sql/presto-distribution/pom.xml
index 6ec1bffd417..94ebf0ab366 100644
--- a/pulsar-sql/presto-distribution/pom.xml
+++ b/pulsar-sql/presto-distribution/pom.xml
@@ -77,6 +77,11 @@
       <version>${jersey.version}</version>
     </dependency>
 
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-utils</artifactId>
+      <version>${plexus.version}</version>
+    </dependency>
     <dependency>
       <groupId>io.prestosql</groupId>
       <artifactId>presto-main</artifactId>
@@ -99,6 +104,10 @@
           <groupId>com.google.inject.extensions</groupId>
           <artifactId>guice-multibindings</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-utils</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
diff --git a/pulsar-sql/presto-pulsar/pom.xml b/pulsar-sql/presto-pulsar/pom.xml
index d9e567deb60..cbf23c4aed6 100644
--- a/pulsar-sql/presto-pulsar/pom.xml
+++ b/pulsar-sql/presto-pulsar/pom.xml
@@ -113,11 +113,22 @@
             <version>${javax.annotation-api.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-utils</artifactId>
+            <version>${plexus.version}</version>
+        </dependency>
         <dependency>
             <groupId>io.prestosql</groupId>
             <artifactId>presto-main</artifactId>
             <version>${presto.version}</version>
             <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.codehaus.plexus</groupId>
+                    <artifactId>plexus-utils</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>

Reply via email to