This is an automated email from the ASF dual-hosted git repository.
xiangying pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 0344814be62 [fix][sec] Upgrade rabbitmq client to address
CVE-2023-46120 (#21619)
0344814be62 is described below
commit 0344814be62d8077444b841f3faaf375183a6622
Author: Xiangying Meng <[email protected]>
AuthorDate: Mon Nov 27 18:20:09 2023 +0800
[fix][sec] Upgrade rabbitmq client to address CVE-2023-46120 (#21619)
Co-authored-by: Jiwe Guo <[email protected]>
(cherry picked from commit 697c1680b9930005a80e5a58a278e8da74f6383e)
---
distribution/server/pom.xml | 6 ++++++
distribution/server/src/assemble/LICENSE.bin.txt | 2 --
managed-ledger/pom.xml | 6 ++++++
pom.xml | 8 +++++++-
pulsar-sql/presto-distribution/LICENSE | 2 --
5 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/distribution/server/pom.xml b/distribution/server/pom.xml
index ec518743b69..7ee2bd88128 100644
--- a/distribution/server/pom.xml
+++ b/distribution/server/pom.xml
@@ -149,6 +149,12 @@
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-graphite</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>amqp-client</artifactId>
+ <groupId>com.rabbitmq</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
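Review bot: The `<exclusions>` block added to `metrics-graphite` has no comment saying why `amqp-client` is dropped, so a later dependency cleanup could remove it and silently pull the old client back in. A one-line comment above the block would be enough, for example `<!-- exclude transitive amqp-client (CVE-2023-46120); not shipped in the server distribution -->`. The same applies to the exclusions added in managed-ledger/pom.xml and in the root pom.xml. Child order is also inconsistent: `artifactId` comes first here and in managed-ledger, `groupId` first in the root pom, and `groupId` first would match the surrounding `<dependency>` elements. The enclosing `<dependencies>` section lies outside the hunk.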
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt
b/distribution/server/src/assemble/LICENSE.bin.txt
index b1cf0cf6985..64a5baf6038 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -499,8 +499,6 @@ The Apache Software License, Version 2.0
- com.github.seancfoley-ipaddress-5.3.3.jar
* RxJava
- io.reactivex.rxjava3-rxjava-3.0.1.jar
- * RabbitMQ Java Client
- - com.rabbitmq-amqp-client-5.5.3.jar
* RoaringBitmap
- org.roaringbitmap-RoaringBitmap-0.9.44.jar
diff --git a/managed-ledger/pom.xml b/managed-ledger/pom.xml
index cd70d81efe2..89a5f238239 100644
--- a/managed-ledger/pom.xml
+++ b/managed-ledger/pom.xml
@@ -47,6 +47,12 @@
<groupId>org.apache.bookkeeper.stats</groupId>
<artifactId>codahale-metrics-provider</artifactId>
<version>${bookkeeper.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>amqp-client</artifactId>
+ <groupId>com.rabbitmq</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
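Review bot: The exclusion on `codahale-metrics-provider` closes only this one path to `com.rabbitmq:amqp-client`; any other dependency that declares it transitively would bring the jar back without failing the build. It is worth confirming the result with `mvn dependency:tree -Dincludes=com.rabbitmq:amqp-client` on the modules that assemble the distributions. For a lasting guard, a maven-enforcer `bannedDependencies` rule could reject amqp-client versions below the patched one, leaving 5.18.0 usable where it is really needed. Whether such a rule or an equivalent CI check already exists cannot be seen from this hunk.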
diff --git a/pom.xml b/pom.xml
index ad3a0bbf593..6d45ce360a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -175,7 +175,7 @@ flexible messaging model and an intuitive client
API.</description>
<cassandra.version>3.11.2</cassandra.version>
<aerospike-client.version>4.4.20</aerospike-client.version>
<kafka-client.version>3.4.0</kafka-client.version>
- <rabbitmq-client.version>5.5.3</rabbitmq-client.version>
+ <rabbitmq-client.version>5.18.0</rabbitmq-client.version>
<aws-sdk.version>1.12.262</aws-sdk.version>
<avro.version>1.11.3</avro.version>
<joda.version>2.10.10</joda.version>
@@ -407,6 +407,12 @@ flexible messaging model and an intuitive client
API.</description>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-graphite</artifactId>
<version>${dropwizardmetrics.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.rabbitmq</groupId>
+ <artifactId>amqp-client</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
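Review bot: With `amqp-client` excluded from `metrics-graphite`, the RabbitMQ-backed sender in that artifact (`GraphiteRabbitMQ`, as far as I know) has no client library on the classpath and would presumably fail with `NoClassDefFoundError` if any configuration instantiates it. The commit should confirm that no reporter configuration reaches that class, and say so in a comment such as `<!-- GraphiteRabbitMQ is unused; amqp-client intentionally not on the classpath -->`. The explicit `<version>` suggests this entry sits in `<dependencyManagement>`, which starts outside the hunk. If so, modules using the managed entry already inherit the exclusion, and the copy in distribution/server/pom.xml may be redundant.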
diff --git a/pulsar-sql/presto-distribution/LICENSE
b/pulsar-sql/presto-distribution/LICENSE
index 784143e96d6..e16728f3ff8 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -480,8 +480,6 @@ The Apache Software License, Version 2.0
- swagger-annotations-1.6.10.jar
* Perfmark
- perfmark-api-0.26.0.jar
- * RabbitMQ Java Client
- - amqp-client-5.5.3.jar
* Stream Lib
- stream-2.9.5.jar
* High Performance Primitive Collections for Java