This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 0042544bf2b3 HADOOP-18949. upgrade maven dependency plugin due to 
CVE-2021-26291. (#6219)
0042544bf2b3 is described below

commit 0042544bf2b3bcb89f1bbd3d792e489c28655432
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Tue Oct 24 12:28:40 2023 +0100

    HADOOP-18949. upgrade maven dependency plugin due to CVE-2021-26291. (#6219)
    
    
    Addresses CVE-2021-26291. "Origin Validation Error in Apache Maven"
    
    Contributed by PJ Fanning.
---
 hadoop-maven-plugins/pom.xml | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/hadoop-maven-plugins/pom.xml b/hadoop-maven-plugins/pom.xml
index 522c5a946870..8765eb795b87 100644
--- a/hadoop-maven-plugins/pom.xml
+++ b/hadoop-maven-plugins/pom.xml
@@ -26,26 +26,56 @@
   <packaging>maven-plugin</packaging>
   <name>Apache Hadoop Maven Plugins</name>
   <properties>
-    <maven.dependency.version>3.0.5</maven.dependency.version>
-    <maven.plugin-tools.version>3.6.0</maven.plugin-tools.version>
+    <maven.dependency.version>3.9.5</maven.dependency.version>
+    <maven.plugin-tools.version>3.10.1</maven.plugin-tools.version>
+    <plexus.classworlds.version>2.7.0</plexus.classworlds.version>
+    <sisu.inject.version>0.3.5</sisu.inject.version>
   </properties>
   <dependencies>
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-plugin-api</artifactId>
       <version>${maven.dependency.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.sisu</groupId>
+          <artifactId>org.eclipse.sisu.inject</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-classworlds</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-core</artifactId>
       <version>${maven.dependency.version}</version>
       <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.sisu</groupId>
+          <artifactId>org.eclipse.sisu.inject</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.sonatype.sisu</groupId>
           <artifactId>sisu-inject-plexus</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-classworlds</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-classworlds</artifactId>
+      <version>${plexus.classworlds.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.sisu</groupId>
+      <artifactId>org.eclipse.sisu.inject</artifactId>
+      <version>${sisu.inject.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.apache.maven.plugin-tools</groupId>
       <artifactId>maven-plugin-annotations</artifactId>
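Review bot: The new `plexus.classworlds.version` and `sisu.inject.version` properties, and the matching exclusion and re-declaration pairs under `maven-plugin-api` and `maven-core`, have no comment saying why these two transitive dependencies are pinned by hand, so a later bump of `maven.dependency.version` can silently leave them out of step with what that Maven release expects. A comment above the two properties would record this, for example `<!-- pinned explicitly: excluded from maven-plugin-api/maven-core below; re-check whenever maven.dependency.version changes -->`. Separately, `maven.dependency.version` sets the version of the Maven core artifacts this plugin builds against, not the version of maven-dependency-plugin as the commit title suggests. CVE-2021-26291 concerns how the Maven runtime resolves repositories, so this change presumably removes the affected artifacts from the plugin's dependency tree, while the Maven that actually runs the build still needs to be 3.8.1 or later. Whether a minimum Maven version is enforced elsewhere (for example by an enforcer `requireMavenVersion` rule) is not visible in this hunk.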

