This is an automated email from the ASF dual-hosted git repository.

nicoloboschi pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.10 by this push:
     new e078c6dda7f [fix][sec] Fix transitive critical CVEs in file-system 
tiered storage (#19957)
e078c6dda7f is described below

commit e078c6dda7f4cb8ee1a7c43c3428d1ab88b780bd
Author: Nicolò Boschi <[email protected]>
AuthorDate: Wed Mar 29 14:38:02 2023 +0200

    [fix][sec] Fix transitive critical CVEs in file-system tiered storage 
(#19957)
    
    (cherry picked from commit 07acdbc8541c1eeb724361713e7fd136d4c93fc3)
---
 pom.xml                            |  6 +++---
 tiered-storage/file-system/pom.xml | 25 -------------------------
 2 files changed, 3 insertions(+), 28 deletions(-)

diff --git a/pom.xml b/pom.xml
index ffdd41e704b..d7bf95e5f3b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,8 +154,8 @@ flexible messaging model and an intuitive client 
API.</description>
     <postgresql-jdbc.version>42.4.1</postgresql-jdbc.version>
     <clickhouse-jdbc.version>0.3.2</clickhouse-jdbc.version>
     <mariadb-jdbc.version>2.7.5</mariadb-jdbc.version>
-    <hdfs-offload-version3>3.3.3</hdfs-offload-version3>
-    <json-smart.version>2.4.7</json-smart.version>
+    <hdfs-offload-version3>3.3.5</hdfs-offload-version3>
+    <json-smart.version>2.4.10</json-smart.version>
     <opensearch.version>1.2.4</opensearch.version>
     <presto.version>332</presto.version>
     <scala.binary.version>2.13</scala.binary.version>
@@ -232,7 +232,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <objenesis.version>3.1</objenesis.version>
     <awaitility.version>4.0.3</awaitility.version>
     <reload4j.version>1.2.22</reload4j.version>
-    <jettison.version>1.5.3</jettison.version>
+    <jettison.version>1.5.4</jettison.version>
     <woodstox.version>5.4.0</woodstox.version>
 
     <!-- Plugin dependencies -->
diff --git a/tiered-storage/file-system/pom.xml 
b/tiered-storage/file-system/pom.xml
index e3087580398..00cb649054e 100644
--- a/tiered-storage/file-system/pom.xml
+++ b/tiered-storage/file-system/pom.xml
@@ -53,31 +53,6 @@
             </exclusions>
         </dependency>
         <!-- fix hadoop-commons vulnerable dependencies -->
-        <dependency>
-            <groupId>com.sun.jersey</groupId>
-            <artifactId>jersey-json</artifactId>
-            <!-- same version used by hadoop-common-->
-            <version>1.19</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-core-asl</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-mapper-asl</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-jaxrs</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-xc</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <!-- fix hadoop-commons vulnerable dependencies -->
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>
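Review bot: The deleted jersey-json override carried the exclusions for the org.codehaus.jackson artifacts (jackson-core-asl, jackson-mapper-asl, jackson-jaxrs, jackson-xc), and with it gone nothing in this hunk states that they must stay off the module's classpath. Whether they stay out now depends on what the bumped `hdfs-offload-version3` resolves transitively, and on the hadoop-common `<exclusions>` list that closes at the top of this hunk but begins outside it, so it cannot be confirmed from here. I would record the assumption next to the remaining comment, e.g. `<!-- jersey-json override removed: assumes hadoop ${hdfs-offload-version3} no longer brings in org.codehaus.jackson 1.x; re-check on every Hadoop bump -->`. Checking the resolved tree for this module with `mvn dependency:tree -Dincludes=org.codehaus.jackson` before merging the cherry-pick would confirm it. A `bannedDependencies` enforcer rule for that groupId would make a later regression fail the build instead of shipping silently.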
