This is an automated email from the ASF dual-hosted git repository.
zhaocong pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.9 by this push:
new 49b678b765a [improve] Upgrade wildfly-eytron (used by debezium) to fix
CVE-2022-3143 (#19333)
49b678b765a is described below
commit 49b678b765a525b4aeb41360931c4236052ef418
Author: Andrey Yegorov <[email protected]>
AuthorDate: Sat Feb 4 21:04:05 2023 +0800
[improve] Upgrade wildfly-eytron (used by debezium) to fix CVE-2022-3143
(#19333)
(cherry picked from commit 71dafe89755272c1003daaec0457e79a22d663a1)
---
pom.xml | 4 +++-
pulsar-io/debezium/pom.xml | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 9543ada7260..69d6ce9b7a3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -160,6 +160,8 @@ flexible messaging model and an intuitive client
API.</description>
<scala-library.version>2.13.10</scala-library.version>
<debezium.version>1.7.1.Final</debezium.version>
<debezium.postgresql.version>42.4.1</debezium.postgresql.version>
+ <!-- Override version that brings CVE-2022-3143 with debezium -->
+ <wildfly-elytron.version>1.15.16.Final</wildfly-elytron.version>
<jsonwebtoken.version>0.11.1</jsonwebtoken.version>
<opencensus.version>0.28.0</opencensus.version>
<hbase.version>2.3.0</hbase.version>
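Review bot: The comment added above `wildfly-elytron.version` is ambiguous: "Override version that brings CVE-2022-3143 with debezium" can be read as saying the pinned release itself carries the CVE. Something like `<!-- Override the wildfly-elytron version pulled in transitively by debezium, which is affected by CVE-2022-3143 -->` states the direction of the fix unambiguously. It is also worth recording in the same comment that the pin can be removed once `debezium.version` moves to a release that already ships a fixed elytron, so that the override does not silently hold the library back later. The `<properties>` block continues outside this hunk.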
@@ -255,7 +257,7 @@ flexible messaging model and an intuitive client
API.</description>
<errorprone-slf4j.version>0.1.4</errorprone-slf4j.version>
<j2objc-annotations.version>1.3</j2objc-annotations.version>
<lightproto-maven-plugin.version>0.4</lightproto-maven-plugin.version>
- <dependency-check-maven.version>7.4.4</dependency-check-maven.version>
+ <dependency-check-maven.version>8.0.1</dependency-check-maven.version>
<roaringbitmap.version>0.9.15</roaringbitmap.version>
<!-- Used to configure rename.netty.native. Libs -->
diff --git a/pulsar-io/debezium/pom.xml b/pulsar-io/debezium/pom.xml
index b50799ac9d4..229513a117c 100644
--- a/pulsar-io/debezium/pom.xml
+++ b/pulsar-io/debezium/pom.xml
@@ -31,6 +31,46 @@
<artifactId>pulsar-io-debezium</artifactId>
<name>Pulsar IO :: Debezium</name>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-digest</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-external</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-gs2</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-oauth2</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-plain</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-sasl-scram</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wildfly.security</groupId>
+ <artifactId>wildfly-elytron-password-impl</artifactId>
+ <version>${wildfly-elytron.version}</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
<modules>
<module>core</module>
<module>mysql</module>
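Review bot: The new `<dependencyManagement>` block pins seven `org.wildfly.security` artifacts one by one, so any other elytron module that debezium resolves transitively would keep its old version and sit next to the upgraded ones. The hunk does not show which artifact contains the code affected by CVE-2022-3143, so check the resolved set in each connector module with `mvn dependency:tree -Dincludes=org.wildfly.security`. Also confirm that the packaged connector archives contain only `${wildfly-elytron.version}` jars. The block itself has no comment; a line such as `<!-- Pin wildfly-elytron artifacts brought in by debezium to a release fixed for CVE-2022-3143; remove once debezium ships it -->` above `<dependencyManagement>` would tell the next maintainer why these entries exist. The management section only affects modules that inherit from this pom, which looks like the intent here but is not confirmed by the visible lines.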