(pulsar) branch branch-2.11 updated: [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 (#21397)

xiangying Thu, 11 Jan 2024 03:56:45 -0800

This is an automated email from the ASF dual-hosted git repository.

xiangying pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git



The following commit(s) were added to refs/heads/branch-2.11 by this push:
     new 036f7918a71 [fix][sec] Upgrade Netty to 4.1.100 to address 
CVE-2023-44487 (#21397)
036f7918a71 is described below

commit 036f7918a711cd676fa1573317d98fe9146a269f
Author: Lari Hotari <[email protected]>
AuthorDate: Thu Oct 19 16:05:09 2023 +0300

    [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 (#21397)
    
    (cherry picked from commit aae6c716b6f7b32c96484b9004b62359e27f158e)
    (cherry picked from commit 2f00fb91d66b265efbaa002d3d995806c04f70ad)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 36 ++++++++++++------------
 pom.xml                                          |  2 +-
 pulsar-sql/presto-distribution/LICENSE           | 34 +++++++++++-----------
 3 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 4a0d3afa9fa..3d9c943f0bb 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -352,24 +352,24 @@ The Apache Software License, Version 2.0
     - org.apache.commons-commons-lang3-3.11.jar
     - org.apache.commons-commons-text-1.10.0.jar
  * Netty
-    - io.netty-netty-buffer-4.1.93.Final.jar
-    - io.netty-netty-codec-4.1.93.Final.jar
-    - io.netty-netty-codec-dns-4.1.93.Final.jar
-    - io.netty-netty-codec-http-4.1.93.Final.jar
-    - io.netty-netty-codec-http2-4.1.93.Final.jar
-    - io.netty-netty-codec-socks-4.1.93.Final.jar
-    - io.netty-netty-codec-haproxy-4.1.93.Final.jar
-    - io.netty-netty-common-4.1.93.Final.jar
-    - io.netty-netty-handler-4.1.93.Final.jar
-    - io.netty-netty-handler-proxy-4.1.93.Final.jar
-    - io.netty-netty-resolver-4.1.93.Final.jar
-    - io.netty-netty-resolver-dns-4.1.93.Final.jar
-    - io.netty-netty-transport-4.1.93.Final.jar
-    - io.netty-netty-transport-classes-epoll-4.1.93.Final.jar
-    - io.netty-netty-transport-native-epoll-4.1.93.Final-linux-x86_64.jar
-    - io.netty-netty-transport-native-epoll-4.1.93.Final.jar
-    - io.netty-netty-transport-native-unix-common-4.1.93.Final.jar
-    - io.netty-netty-transport-native-unix-common-4.1.93.Final-linux-x86_64.jar
+    - io.netty-netty-buffer-4.1.100.Final.jar
+    - io.netty-netty-codec-4.1.100.Final.jar
+    - io.netty-netty-codec-dns-4.1.100.Final.jar
+    - io.netty-netty-codec-http-4.1.100.Final.jar
+    - io.netty-netty-codec-http2-4.1.100.Final.jar
+    - io.netty-netty-codec-socks-4.1.100.Final.jar
+    - io.netty-netty-codec-haproxy-4.1.100.Final.jar
+    - io.netty-netty-common-4.1.100.Final.jar
+    - io.netty-netty-handler-4.1.100.Final.jar
+    - io.netty-netty-handler-proxy-4.1.100.Final.jar
+    - io.netty-netty-resolver-4.1.100.Final.jar
+    - io.netty-netty-resolver-dns-4.1.100.Final.jar
+    - io.netty-netty-transport-4.1.100.Final.jar
+    - io.netty-netty-transport-classes-epoll-4.1.100.Final.jar
+    - io.netty-netty-transport-native-epoll-4.1.100.Final-linux-x86_64.jar
+    - io.netty-netty-transport-native-epoll-4.1.100.Final.jar
+    - io.netty-netty-transport-native-unix-common-4.1.100.Final.jar
+    - 
io.netty-netty-transport-native-unix-common-4.1.100.Final-linux-x86_64.jar
     - io.netty-netty-tcnative-boringssl-static-2.0.61.Final.jar
     - io.netty-netty-tcnative-boringssl-static-2.0.61.Final-linux-aarch_64.jar
     - io.netty-netty-tcnative-boringssl-static-2.0.61.Final-linux-x86_64.jar
diff --git a/pom.xml b/pom.xml
index a7e041f33c8..4e3de5b9020 100644
--- a/pom.xml
+++ b/pom.xml
@@ -124,7 +124,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <snappy.version>1.1.10.5</snappy.version> <!-- ZooKeeper server -->
     <dropwizardmetrics.version>4.1.12.1</dropwizardmetrics.version> <!-- 
ZooKeeper server -->
     <curator.version>5.1.0</curator.version>
-    <netty.version>4.1.93.Final</netty.version>
+    <netty.version>4.1.100.Final</netty.version>
     <jetty.version>9.4.51.v20230217</jetty.version>
     <conscrypt.version>2.5.2</conscrypt.version>
     <jersey.version>2.34</jersey.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE 
b/pulsar-sql/presto-distribution/LICENSE
index f83a7f44def..0de630db167 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -232,18 +232,18 @@ The Apache Software License, Version 2.0
     - commons-lang3-3.11.jar
  * Netty
     - netty-3.10.6.Final.jar
-    - netty-buffer-4.1.93.Final.jar
-    - netty-codec-4.1.93.Final.jar
-    - netty-codec-dns-4.1.93.Final.jar
-    - netty-codec-http-4.1.93.Final.jar
-    - netty-codec-haproxy-4.1.93.Final.jar
-    - netty-codec-socks-4.1.93.Final.jar
-    - netty-handler-proxy-4.1.93.Final.jar
-    - netty-common-4.1.93.Final.jar
-    - netty-handler-4.1.93.Final.jar
+    - netty-buffer-4.1.100.Final.jar
+    - netty-codec-4.1.100.Final.jar
+    - netty-codec-dns-4.1.100.Final.jar
+    - netty-codec-http-4.1.100.Final.jar
+    - netty-codec-haproxy-4.1.100.Final.jar
+    - netty-codec-socks-4.1.100.Final.jar
+    - netty-handler-proxy-4.1.100.Final.jar
+    - netty-common-4.1.100.Final.jar
+    - netty-handler-4.1.100.Final.jar
     - netty-reactive-streams-2.0.6.jar
-    - netty-resolver-4.1.93.Final.jar
-    - netty-resolver-dns-4.1.93.Final.jar
+    - netty-resolver-4.1.100.Final.jar
+    - netty-resolver-dns-4.1.100.Final.jar
     - netty-tcnative-boringssl-static-2.0.61.Final.jar
     - netty-tcnative-boringssl-static-2.0.61.Final-linux-aarch_64.jar
     - netty-tcnative-boringssl-static-2.0.61.Final-linux-x86_64.jar
@@ -251,12 +251,12 @@ The Apache Software License, Version 2.0
     - netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar
     - netty-tcnative-boringssl-static-2.0.61.Final-windows-x86_64.jar
     - netty-tcnative-classes-2.0.61.Final.jar
-    - netty-transport-4.1.93.Final.jar
-    - netty-transport-classes-epoll-4.1.93.Final.jar
-    - netty-transport-native-epoll-4.1.93.Final-linux-x86_64.jar
-    - netty-transport-native-unix-common-4.1.93.Final.jar
-    - netty-transport-native-unix-common-4.1.93.Final-linux-x86_64.jar
-    - netty-codec-http2-4.1.93.Final.jar
+    - netty-transport-4.1.100.Final.jar
+    - netty-transport-classes-epoll-4.1.100.Final.jar
+    - netty-transport-native-epoll-4.1.100.Final-linux-x86_64.jar
+    - netty-transport-native-unix-common-4.1.100.Final.jar
+    - netty-transport-native-unix-common-4.1.100.Final-linux-x86_64.jar
+    - netty-codec-http2-4.1.100.Final.jar
  * GRPC
     - grpc-api-1.45.1.jar
     - grpc-context-1.45.1.jar

(pulsar) branch branch-2.11 updated: [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 (#21397)

Reply via email to