[hadoop] branch trunk updated: HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix CVE-2022-41881 (#5435)

Fri, 10 Mar 2023 07:27:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 734f7abfb8b HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix 
CVE-2022-41881 (#5435)
734f7abfb8b is described below

commit 734f7abfb8b84a4c20dbae5073cf2d4fb60adc1c
Author: nao <56360298+nao...@users.noreply.github.com>
AuthorDate: Fri Mar 10 18:27:22 2023 +0300

    HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix CVE-2022-41881 (#5435)
    
    
    This fixes CVE-2022-41881.
    
    This also upgrades io.opencensus dependencies to 0.12.3
    
    Contributed by Aleksandr Nikolaev
---
 LICENSE-binary         | 8 ++------
 hadoop-project/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 0fab0eea8ae..8a82432de06 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -289,12 +289,8 @@ io.netty:netty-resolver-dns-classes-macos:4.1.77.Final
 io.netty:netty-transport-native-epoll:4.1.77.Final
 io.netty:netty-transport-native-kqueue:4.1.77.Final
 io.netty:netty-resolver-dns-native-macos:4.1.77.Final
-io.opencensus:opencensus-api:0.24.0
-io.opencensus:opencensus-contrib-grpc-metrics:0.24.0
-io.opentracing:opentracing-api:0.33.0
-io.opentracing:opentracing-noop:0.33.0
-io.opentracing:opentracing-util:0.33.0
-io.perfmark:perfmark-api:0.19.0
+io.opencensus:opencensus-api:0.12.3
+io.opencensus:opencensus-contrib-grpc-metrics:0.12.3
 io.reactivex:rxjava:1.3.8
 io.reactivex:rxjava-string:1.1.1
 io.reactivex:rxnetty:0.4.20
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 88a7b1f119c..9eda301b63a 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -140,7 +140,7 @@
     <jna.version>5.2.0</jna.version>
     <gson.version>2.9.0</gson.version>
     <metrics.version>3.2.4</metrics.version>
-    <netty4.version>4.1.77.Final</netty4.version>
+    <netty4.version>4.1.89.Final</netty4.version>
     <snappy-java.version>1.1.8.2</snappy-java.version>
     <lz4-java.version>1.7.1</lz4-java.version>
 


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to