This is an automated email from the ASF dual-hosted git repository.
xiangying pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.11 by this push:
new 95e1de78eb0 cve: exclude ch.qos.logback in canal.protocol * resolve
CVE-2023-6378
95e1de78eb0 is described below
commit 95e1de78eb0243fa6dfbfb1bb6cb35742eb77cfa
Author: xiangying <[email protected]>
AuthorDate: Tue Dec 12 15:33:31 2023 +0800
cve: exclude ch.qos.logback in canal.protocol
* resolve CVE-2023-6378
(cherry picked from commit 2e86e0710c61f23bf63a7a1720ceca556c04c62b)
---
pulsar-io/canal/pom.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/pulsar-io/canal/pom.xml b/pulsar-io/canal/pom.xml
index 9d8be0c16da..74842bf4c57 100644
--- a/pulsar-io/canal/pom.xml
+++ b/pulsar-io/canal/pom.xml
@@ -87,6 +87,12 @@
<groupId>com.alibaba.otter</groupId>
<artifactId>canal.protocol</artifactId>
<version>${canal.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.alibaba.otter</groupId>
