This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.1 by this push:
new e6bebabe56f [fix][sec] Upgrade rabbitmq client to address
CVE-2023-46120 (#21619)
e6bebabe56f is described below
commit e6bebabe56f63d544635fd02ecd870e58957b545
Author: Xiangying Meng <[email protected]>
AuthorDate: Mon Nov 27 18:20:09 2023 +0800
[fix][sec] Upgrade rabbitmq client to address CVE-2023-46120 (#21619)
Co-authored-by: Jiwe Guo <[email protected]>
---
distribution/server/pom.xml | 6 ++++++
distribution/server/src/assemble/LICENSE.bin.txt | 2 --
managed-ledger/pom.xml | 6 ++++++
pom.xml | 8 +++++++-
pulsar-sql/presto-distribution/LICENSE | 2 --
5 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/distribution/server/pom.xml b/distribution/server/pom.xml
index 5addb2c2142..94dfb5cdccb 100644
--- a/distribution/server/pom.xml
+++ b/distribution/server/pom.xml
@@ -155,6 +155,12 @@
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-graphite</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>amqp-client</artifactId>
+ <groupId>com.rabbitmq</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt
b/distribution/server/src/assemble/LICENSE.bin.txt
index 258ba8e9baf..a3aa54a9e17 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -499,8 +499,6 @@ The Apache Software License, Version 2.0
- com.github.seancfoley-ipaddress-5.3.3.jar
* RxJava
- io.reactivex.rxjava3-rxjava-3.0.1.jar
- * RabbitMQ Java Client
- - com.rabbitmq-amqp-client-5.5.3.jar
* RoaringBitmap
- org.roaringbitmap-RoaringBitmap-0.9.44.jar
diff --git a/managed-ledger/pom.xml b/managed-ledger/pom.xml
index c3a500c2714..26b79b6514a 100644
--- a/managed-ledger/pom.xml
+++ b/managed-ledger/pom.xml
@@ -47,6 +47,12 @@
<groupId>org.apache.bookkeeper.stats</groupId>
<artifactId>codahale-metrics-provider</artifactId>
<version>${bookkeeper.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>amqp-client</artifactId>
+ <groupId>com.rabbitmq</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/pom.xml b/pom.xml
index eaa0c48c5ca..e31c70a87a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -175,7 +175,7 @@ flexible messaging model and an intuitive client
API.</description>
<cassandra.version>3.11.2</cassandra.version>
<aerospike-client.version>4.4.20</aerospike-client.version>
<kafka-client.version>3.4.0</kafka-client.version>
- <rabbitmq-client.version>5.5.3</rabbitmq-client.version>
+ <rabbitmq-client.version>5.18.0</rabbitmq-client.version>
<aws-sdk.version>1.12.262</aws-sdk.version>
<avro.version>1.10.2</avro.version>
<joda.version>2.10.10</joda.version>
@@ -406,6 +406,12 @@ flexible messaging model and an intuitive client
API.</description>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-graphite</artifactId>
<version>${dropwizardmetrics.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.rabbitmq</groupId>
+ <artifactId>amqp-client</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
diff --git a/pulsar-sql/presto-distribution/LICENSE
b/pulsar-sql/presto-distribution/LICENSE
index 0f61055260d..e9dcabd5bb3 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -478,8 +478,6 @@ The Apache Software License, Version 2.0
- audience-annotations-0.12.0.jar
* Perfmark
- perfmark-api-0.26.0.jar
- * RabbitMQ Java Client
- - amqp-client-5.5.3.jar
* Stream Lib
- stream-2.9.5.jar
* High Performance Primitive Collections for Java
