(pulsar) branch master updated: [fix][sec] Replace bcprov-jdk15on dependency with bcprov-jdk18-on (#23532)

Wed, 30 Oct 2024 21:22:32 -0700 

This is an automated email from the ASF dual-hosted git repository.

technoboy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new f196e2c2e16 [fix][sec] Replace bcprov-jdk15on dependency with 
bcprov-jdk18-on (#23532)
f196e2c2e16 is described below

commit f196e2c2e168b9a7a9550f69555ccf6af6369f3c
Author: Lari Hotari <[email protected]>
AuthorDate: Thu Oct 31 06:22:19 2024 +0200

    [fix][sec] Replace bcprov-jdk15on dependency with bcprov-jdk18-on (#23532)
---
 pom.xml                            | 22 ++++++++++++++++++++++
 pulsar-io/hdfs3/pom.xml            |  8 ++++++++
 tiered-storage/file-system/pom.xml | 17 ++++++++++++++++-
 3 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b7db4e586ba..bf47646e16c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -962,6 +962,12 @@ flexible messaging model and an intuitive client 
API.</description>
         <version>${caffeine.version}</version>
       </dependency>
 
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcprov-jdk18on</artifactId>
+        <version>${bouncycastle.version}</version>
+      </dependency>
+
       <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bcpkix-jdk18on</artifactId>
@@ -1324,6 +1330,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>dnsjava</groupId>
             <artifactId>dnsjava</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
       <dependency>
@@ -1335,6 +1345,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>dnsjava</groupId>
             <artifactId>dnsjava</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
       <dependency>
@@ -1346,6 +1360,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>dnsjava</groupId>
             <artifactId>dnsjava</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
       <dependency>
@@ -1357,6 +1375,10 @@ flexible messaging model and an intuitive client 
API.</description>
             <groupId>dnsjava</groupId>
             <artifactId>dnsjava</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
       <!-- dnsjava is pulled in by hadoop-common -->
diff --git a/pulsar-io/hdfs3/pom.xml b/pulsar-io/hdfs3/pom.xml
index f71f61df228..d20a2ef208e 100644
--- a/pulsar-io/hdfs3/pom.xml
+++ b/pulsar-io/hdfs3/pom.xml
@@ -71,8 +71,16 @@
           <groupId>org.apache.avro</groupId>
           <artifactId>avro</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.bouncycastle</groupId>
+          <artifactId>bcprov-jdk15on</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk18on</artifactId>
+    </dependency>
 
     <dependency>
       <groupId>jakarta.activation</groupId>
diff --git a/tiered-storage/file-system/pom.xml 
b/tiered-storage/file-system/pom.xml
index 4cbee957f76..e44b08cbd96 100644
--- a/tiered-storage/file-system/pom.xml
+++ b/tiered-storage/file-system/pom.xml
@@ -53,9 +53,16 @@
                     <groupId>dnsjava</groupId>
                     <artifactId>dnsjava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
-
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-hdfs-client</artifactId>
@@ -85,6 +92,10 @@
                     <groupId>dnsjava</groupId>
                     <artifactId>dnsjava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <!-- fix hadoop-commons vulnerable dependencies -->
@@ -133,6 +144,10 @@
                     <groupId>dnsjava</groupId>
                     <artifactId>dnsjava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>

Reply via email to