dlg99 opened a new pull request #13867: URL: https://github.com/apache/pulsar/pull/13867
CVEs are: CVE-2020-7020 CVE-2020-7021 CVE-2021-22132 CVE-2021-22134 CVE-2021-22144 CVE-2021-22147 ### Motivation `mvn clean install verify -Powasp-dependency-check -DskipTests` found various CVEs ### Modifications Brought back changes from https://github.com/apache/pulsar/pull/13747 On top of that, replaced ElasticSearch client with OpenSearch one to get rid of CVEs + retain the Apache 2.0 licensing. ### Verifying this change - [ ] Make sure that the change passes the CI checks. This change is a trivial rework / code cleanup without any test coverage. ### Does this pull request potentially affect one of the following parts: *If `yes` was chosen, please highlight the changes* - Dependencies (does it add or upgrade a dependency): *YES* - The public API: (yes / no) - The schema: (yes / no / don't know) - The default values of configurations: (yes / no) - The wire protocol: (yes / no) - The rest endpoints: (yes / no) - The admin cli options: (yes / no) - Anything that affects deployment: (yes / no / don't know) ### Documentation Check the box below or label this PR directly (if you have committer privilege). Need to update docs? - [ ] `doc-required` (If you need help on updating docs, create a doc issue) - [x] `no-need-doc` (Please explain why) - [ ] `doc` (If this PR contains doc changes) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
