nicoloboschi opened a new pull request, #19957:
URL: https://github.com/apache/pulsar/pull/19957

   ### Motivation
   
   Currently the file-system tiered storage brings in the following CVEs:
   - CVE-2023-1436 (from jettison)
   - CVE-2023-1370 (from json-smart)
   - sonatype-2022-5820 (from hadoop 3.3.3)
   
   ### Modifications
   
   All of the above depend on hadoop.
   - Upgraded hadoop from 3.3.3 to 3.3.5 - removed the jersey-json override since the dependency has changed (https://issues.apache.org/jira/browse/HADOOP-15983)
   - Upgraded jettison from 1.5.3 to 1.5.4
   - Upgraded json-smart from 2.4.7 to 2.4.10
   
   ### Verifying this change
   
   - [x] Make sure that the change passes the CI checks.
   
   ### Documentation
   
   <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
   
   - [ ] `doc` <!-- Your PR contains doc changes. -->
   - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later -->
   - [x] `doc-not-needed` <!-- Your PR changes do not impact docs -->
   - [ ] `doc-complete` <!-- Docs have been already added -->
   


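One way to confirm that the upgrades listed under Modifications took effect in the resolved dependency tree, where a transitive dependency can still pin an older version. This is an added example, not part of the PR or the Pulsar build; the Maven coordinates are assumptions (the PR names only the artifacts) and the `mvn dependency:tree` sample is constructed.

```python
import re

# Minimum versions: the versions this PR upgrades to (from the PR description).
# The group:artifact coordinates are assumptions; the PR names only the artifacts.
FIXED = {
    "org.apache.hadoop:hadoop-common": "3.3.5",
    "org.codehaus.jettison:jettison": "1.5.4",
    "net.minidev:json-smart": "2.4.10",
}

# Constructed sample of `mvn dependency:tree` output, not taken from the Pulsar build.
SAMPLE_TREE = """\
[INFO] org.example:offloader-demo:jar:1.0.0
[INFO] +- org.apache.hadoop:hadoop-common:jar:3.3.3:compile
[INFO] |  +- org.codehaus.jettison:jettison:jar:1.5.3:compile
[INFO] |  \\- net.minidev:json-smart:jar:2.4.10:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.32:compile
"""


def parse_nodes(tree_text):
    """Yield (group:artifact, version) for every dependency node in the tree."""
    for line in tree_text.splitlines():
        tokens = line.split()
        coords = tokens[-1].split(":") if tokens else []
        # Nodes look like group:artifact:type[:classifier]:version:scope;
        # the 4-field project root line is skipped.
        if len(coords) in (5, 6):
            yield f"{coords[0]}:{coords[1]}", coords[-2]


def version_key(version):
    """Compare numerically so that 2.4.10 sorts above 2.4.7 (string order gets this wrong)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def stale_dependencies(tree_text, fixed=FIXED):
    """Return (coordinate, resolved, expected) for nodes still below the upgraded version."""
    findings = []
    for coord, version in parse_nodes(tree_text):
        want = fixed.get(coord)
        if want and version_key(version) < version_key(want):
            findings.append((coord, version, want))
    return findings


if __name__ == "__main__":
    for coord, have, want in stale_dependencies(SAMPLE_TREE):
        print(f"{coord} resolved to {have}, expected >= {want}")
```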