This is an automated email from the ASF dual-hosted git repository.

nicoloboschi pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.11 by this push:
     new 14f97930e65 [fix][sec] Fix transitive critical CVEs in file-system 
tiered storage (#19957)
14f97930e65 is described below

commit 14f97930e65108dcae4621b837efb3cc5c8a9de1
Author: Nicolò Boschi <[email protected]>
AuthorDate: Wed Mar 29 14:38:02 2023 +0200

    [fix][sec] Fix transitive critical CVEs in file-system tiered storage 
(#19957)
    
    (cherry picked from commit 07acdbc8541c1eeb724361713e7fd136d4c93fc3)
---
 pom.xml                            |  6 +++---
 tiered-storage/file-system/pom.xml | 25 -------------------------
 2 files changed, 3 insertions(+), 28 deletions(-)

diff --git a/pom.xml b/pom.xml
index 933d262c6b0..63b6864432c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -167,8 +167,8 @@ flexible messaging model and an intuitive client API.</description>
     <clickhouse-jdbc.version>0.3.2</clickhouse-jdbc.version>
     <mariadb-jdbc.version>2.7.5</mariadb-jdbc.version>
     <openmldb-jdbc.version>0.4.4-hotfix1</openmldb-jdbc.version>
-    <hdfs-offload-version3>3.3.3</hdfs-offload-version3>
-    <json-smart.version>2.4.7</json-smart.version>
+    <hdfs-offload-version3>3.3.5</hdfs-offload-version3>
+    <json-smart.version>2.4.10</json-smart.version>
     <opensearch.version>1.2.4</opensearch.version>
     <elasticsearch-java.version>8.5.2</elasticsearch-java.version>
     <presto.version>334</presto.version>
@@ -245,7 +245,7 @@ flexible messaging model and an intuitive client API.</description>
     <objenesis.version>3.1</objenesis.version>
     <awaitility.version>4.2.0</awaitility.version>
     <reload4j.version>1.2.22</reload4j.version>
-    <jettison.version>1.5.3</jettison.version>
+    <jettison.version>1.5.4</jettison.version>
     <woodstox.version>5.4.0</woodstox.version>
     <wiremock.version>2.33.2</wiremock.version>
 
diff --git a/tiered-storage/file-system/pom.xml b/tiered-storage/file-system/pom.xml
index 53db70847bc..6b588c63937 100644
--- a/tiered-storage/file-system/pom.xml
+++ b/tiered-storage/file-system/pom.xml
@@ -53,31 +53,6 @@
             </exclusions>
         </dependency>
         <!-- fix hadoop-commons vulnerable dependencies -->
-        <dependency>
-            <groupId>com.sun.jersey</groupId>
-            <artifactId>jersey-json</artifactId>
-            <!-- same version used by hadoop-common-->
-            <version>1.19</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-core-asl</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-mapper-asl</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-jaxrs</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.codehaus.jackson</groupId>
-                    <artifactId>jackson-xc</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <!-- fix hadoop-commons vulnerable dependencies -->
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>
