This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-3.3 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 624d7dc6a79f7046058e0b05364c96826a1d2854 Author: Lari Hotari <[email protected]> AuthorDate: Thu Oct 31 06:22:19 2024 +0200 [fix][sec] Replace bcprov-jdk15on dependency with bcprov-jdk18-on (#23532) (cherry picked from commit f196e2c2e168b9a7a9550f69555ccf6af6369f3c) --- pom.xml | 22 ++++++++++++++++++++++ pulsar-io/hdfs3/pom.xml | 8 ++++++++ tiered-storage/file-system/pom.xml | 17 ++++++++++++++++- 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f764b51e791..b85d2789f62 100644 --- a/pom.xml +++ b/pom.xml @@ -945,6 +945,12 @@ flexible messaging model and an intuitive client API.</description> <version>${caffeine.version}</version> </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk18on</artifactId> + <version>${bouncycastle.version}</version> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk18on</artifactId> @@ -1307,6 +1313,10 @@ flexible messaging model and an intuitive client API.</description> <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -1318,6 +1328,10 @@ flexible messaging model and an intuitive client API.</description> <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -1329,6 +1343,10 @@ flexible messaging model and an intuitive client API.</description> <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -1340,6 +1358,10 @@ flexible messaging model and an intuitive client API.</description> <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> <!-- dnsjava is pulled in by hadoop-common --> diff --git a/pulsar-io/hdfs3/pom.xml b/pulsar-io/hdfs3/pom.xml index 3f9fb1743af..834769023a0 100644 --- a/pulsar-io/hdfs3/pom.xml +++ b/pulsar-io/hdfs3/pom.xml @@ -71,8 +71,16 @@ <groupId>org.apache.avro</groupId> <artifactId>avro</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk18on</artifactId> + </dependency> <dependency> <groupId>jakarta.activation</groupId> diff --git a/tiered-storage/file-system/pom.xml b/tiered-storage/file-system/pom.xml index 0fbe47dec2a..0f304119ac3 100644 --- a/tiered-storage/file-system/pom.xml +++ b/tiered-storage/file-system/pom.xml @@ -54,9 +54,16 @@ <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> - + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk18on</artifactId> + </dependency> <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-hdfs-client</artifactId> @@ -86,6 +93,10 @@ <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency> <!-- fix hadoop-commons vulnerable dependencies --> @@ -134,6 +145,10 @@ <groupId>dnsjava</groupId> <artifactId>dnsjava</artifactId> </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> </exclusions> </dependency>
