[pulsar] branch branch-2.11 updated: [fix][sec] Upgrade Guava to 32.1.1 to address CVE-2023-2976 (#20699)

Mon, 10 Jul 2023 20:07:43 -0700 

This is an automated email from the ASF dual-hosted git repository.

technoboy pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.11 by this push:
     new e789a71f010 [fix][sec] Upgrade Guava to 32.1.1 to address 
CVE-2023-2976 (#20699)
e789a71f010 is described below

commit e789a71f010ab1e3f0863eb2180ebb4ad61e912a
Author: fengyubiao <[email protected]>
AuthorDate: Wed Jul 5 12:17:27 2023 +0800

    [fix][sec] Upgrade Guava to 32.1.1 to address CVE-2023-2976 (#20699)
---
 buildtools/pom.xml                               | 2 +-
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 distribution/shell/src/assemble/LICENSE.bin.txt  | 2 +-
 pom.xml                                          | 2 +-
 pulsar-sql/presto-distribution/LICENSE           | 2 +-
 pulsar-sql/presto-distribution/pom.xml           | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 8445583c959..e4c84ba2b0a 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -47,7 +47,7 @@
     <puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
     <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
     <guice.version>4.2.3</guice.version>
-    <guava.version>32.0.0-jre</guava.version>
+    <guava.version>32.1.1-jre</guava.version>
     <ant.version>1.10.12</ant.version>
     <snakeyaml.version>2.0</snakeyaml.version>
     <mockito.version>3.12.4</mockito.version>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 35266f1ebb2..c4b06a88262 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -328,7 +328,7 @@ The Apache Software License, Version 2.0
     - com.google.code.gson-gson-2.8.9.jar
     - io.gsonfire-gson-fire-1.8.5.jar
  * Guava
-    - com.google.guava-guava-32.0.0-jre.jar
+    - com.google.guava-guava-32.1.1-jre.jar
     - com.google.guava-failureaccess-1.0.1.jar
     - 
com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
  * J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index 9c7532e51f3..2d5aa938bae 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -323,7 +323,7 @@ The Apache Software License, Version 2.0
  * Gson
     - gson-2.8.9.jar
  * Guava
-    - guava-32.0.0-jre.jar
+    - guava-32.1.1-jre.jar
     - failureaccess-1.0.1.jar
     - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
  * J2ObjC Annotations -- j2objc-annotations-1.3.jar
diff --git a/pom.xml b/pom.xml
index fe831a937a4..de303cd44ad 100644
--- a/pom.xml
+++ b/pom.xml
@@ -181,7 +181,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <jsonwebtoken.version>0.11.1</jsonwebtoken.version>
     <opencensus.version>0.28.0</opencensus.version>
     <hbase.version>2.4.9</hbase.version>
-    <guava.version>32.0.0-jre</guava.version>
+    <guava.version>32.1.1-jre</guava.version>
     <jcip.version>1.0</jcip.version>
     <prometheus-jmx.version>0.16.1</prometheus-jmx.version>
     <confluent.version>7.0.1</confluent.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE 
b/pulsar-sql/presto-distribution/LICENSE
index ea1289c1cec..d1ab7ed196c 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -221,7 +221,7 @@ The Apache Software License, Version 2.0
     - jackson-module-jaxb-annotations-2.14.2.jar
     - jackson-module-jsonSchema-2.14.2.jar
  * Guava
-    - guava-32.0.0-jre.jar
+    - guava-32.1.1-jre.jar
     - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
     - failureaccess-1.0.1.jar
  * Google Guice
diff --git a/pulsar-sql/presto-distribution/pom.xml 
b/pulsar-sql/presto-distribution/pom.xml
index fe0e68b5cd2..8a1884dc7ac 100644
--- a/pulsar-sql/presto-distribution/pom.xml
+++ b/pulsar-sql/presto-distribution/pom.xml
@@ -37,7 +37,7 @@
     <objenesis.version>2.6</objenesis.version>
     <objectsize.version>0.0.12</objectsize.version>
     <maven.version>3.0.5</maven.version>
-    <guava.version>32.0.0-jre</guava.version>
+    <guava.version>32.1.1-jre</guava.version>
     <asynchttpclient.version>2.12.1</asynchttpclient.version>
     <errorprone.version>2.5.1</errorprone.version>
     <javax.servlet-api>4.0.1</javax.servlet-api>

Reply via email to