This is an automated email from the ASF dual-hosted git repository.
wusheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-java.git
The following commit(s) were added to refs/heads/main by this push:
new b9075ce7ad fix CVE-2023-2976 and CVE-2023-34462 (#570)
b9075ce7ad is described below
commit b9075ce7adca4ec9d4ee4c332c4f7e64cfad9b17
Author: alan <[email protected]>
AuthorDate: Wed Jul 5 20:41:01 2023 +0800
fix CVE-2023-2976 and CVE-2023-34462 (#570)
---
CHANGES.md | 2 ++
apm-sniffer/apm-agent-core/pom.xml | 2 +-
dist-material/LICENSE | 3 ++-
pom.xml | 2 +-
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 0e56e00149..f7db5b2105 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -141,6 +141,8 @@ Callable {
* Add Plugin to support aerospike Java client
* Add ClickHouse parsing to the jdbc-common plugin.
* Support to trace redisson lock
+* Upgrade netty-codec-http2 to 4.1.94.Final
+* Upgrade guava to 32.0.1
#### Documentation
diff --git a/apm-sniffer/apm-agent-core/pom.xml
b/apm-sniffer/apm-agent-core/pom.xml
index 65cfd7bfaa..7170e4713e 100644
--- a/apm-sniffer/apm-agent-core/pom.xml
+++ b/apm-sniffer/apm-agent-core/pom.xml
@@ -34,7 +34,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<generateGitPropertiesFilename>${project.build.outputDirectory}/skywalking-agent-version.properties</generateGitPropertiesFilename>
- <guava.version>30.1.1-jre</guava.version>
+ <guava.version>32.0.1-jre</guava.version>
<wiremock.version>2.6.0</wiremock.version>
<netty-tcnative-boringssl-static.version>2.0.7.Final</netty-tcnative-boringssl-static.version>
<os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
diff --git a/dist-material/LICENSE b/dist-material/LICENSE
index c78714d002..27cdba1bdb 100755
--- a/dist-material/LICENSE
+++ b/dist-material/LICENSE
@@ -220,7 +220,8 @@ The text of each license is the standard Apache 2.0 license.
Google: gson 2.8.9: https://github.com/google/gson , Apache 2.0
Google: proto-google-common-protos 2.0.1:
https://github.com/googleapis/googleapis , Apache 2.0
Google: jsr305 3.0.2:
http://central.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.0/jsr305-3.0.0.pom
, Apache 2.0
- netty 4.1.86: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache
2.0
+ Google: guava 32.0.1: https://github.com/google/guava , Apache 2.0
+ netty 4.1.94: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache
2.0
========================================================================
BSD licenses
diff --git a/pom.xml b/pom.xml
index 137046b820..3d7404ea18 100755
--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,7 @@
<!-- core lib dependency -->
<bytebuddy.version>1.14.4</bytebuddy.version>
<grpc.version>1.50.0</grpc.version>
- <netty.version>4.1.86.Final</netty.version>
+ <netty.version>4.1.94.Final</netty.version>
<gson.version>2.8.9</gson.version>
<os-maven-plugin.version>1.6.2</os-maven-plugin.version>
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
