[geode] branch develop updated: Update shiro to 1.12.0 for CVE-2023-34478 (#7884)

Sat, 23 Sep 2023 20:43:51 -0700 

This is an automated email from the ASF dual-hosted git repository.

sai_boorlagadda pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new d1958146c1 Update shiro to 1.12.0 for CVE-2023-34478 (#7884)
d1958146c1 is described below

commit d1958146c12affb1fe3eabc5823bb4eeb6c0badc
Author: Olivier VERMEULEN <overmeu...@murex.com>
AuthorDate: Sun Sep 24 05:43:40 2023 +0200

    Update shiro to 1.12.0 for CVE-2023-34478 (#7884)
---
 boms/geode-all-bom/src/test/resources/expected-pom.xml |  2 +-
 .../geode/gradle/plugins/DependencyConstraints.groovy  |  2 +-
 .../src/integrationTest/resources/assembly_content.txt | 18 +++++++++---------
 .../resources/gfsh_dependency_classpath.txt            | 18 +++++++++---------
 .../integrationTest/resources/dependency_classpath.txt | 18 +++++++++---------
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml 
b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index c120e5a6b5..1ff396799b 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -330,7 +330,7 @@
       <dependency>
         <groupId>org.apache.shiro</groupId>
         <artifactId>shiro-core</artifactId>
-        <version>1.10.0</version>
+        <version>1.12.0</version>
       </dependency>
       <dependency>
         <groupId>org.assertj</groupId>
diff --git 
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
 
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 58c55d6c01..d4c841c717 100644
--- 
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ 
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -41,7 +41,7 @@ class DependencyConstraints {
     deps.put("jgroups.version", "3.6.14.Final")
     deps.put("log4j.version", "2.17.2")
     deps.put("micrometer.version", "1.9.1")
-    deps.put("shiro.version", "1.10.0")
+    deps.put("shiro.version", "1.12.0")
     deps.put("slf4j-api.version", "1.7.32")
     deps.put("jboss-modules.version", "1.11.0.Final")
     deps.put("jackson.version", "2.13.3")
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt 
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index bbed00cd72..c83ce9f3fd 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1047,15 +1047,15 @@ lib/mx4j-remote-3.0.2.jar
 lib/mx4j-tools-3.0.1.jar
 lib/ra.jar
 lib/rmiio-2.1.2.jar
-lib/shiro-cache-1.10.0.jar
-lib/shiro-config-core-1.10.0.jar
-lib/shiro-config-ogdl-1.10.0.jar
-lib/shiro-core-1.10.0.jar
-lib/shiro-crypto-cipher-1.10.0.jar
-lib/shiro-crypto-core-1.10.0.jar
-lib/shiro-crypto-hash-1.10.0.jar
-lib/shiro-event-1.10.0.jar
-lib/shiro-lang-1.10.0.jar
+lib/shiro-cache-1.12.0.jar
+lib/shiro-config-core-1.12.0.jar
+lib/shiro-config-ogdl-1.12.0.jar
+lib/shiro-core-1.12.0.jar
+lib/shiro-crypto-cipher-1.12.0.jar
+lib/shiro-crypto-core-1.12.0.jar
+lib/shiro-crypto-hash-1.12.0.jar
+lib/shiro-event-1.12.0.jar
+lib/shiro-lang-1.12.0.jar
 lib/slf4j-api-1.7.32.jar
 lib/slf4j-api-1.7.36.jar
 lib/snappy-0.4.jar
diff --git 
a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt 
b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
index 0756871fc4..a965f89a3a 100644
--- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -47,8 +47,8 @@ antlr-2.7.7.jar
 istack-commons-runtime-4.0.1.jar
 jaxb-impl-2.3.2.jar
 commons-validator-1.7.jar
-shiro-core-1.10.0.jar
-shiro-config-ogdl-1.10.0.jar
+shiro-core-1.12.0.jar
+shiro-config-ogdl-1.12.0.jar
 commons-beanutils-1.9.4.jar
 commons-codec-1.15.jar
 commons-collections-3.2.2.jar
@@ -69,13 +69,13 @@ jna-platform-5.11.0.jar
 jna-5.11.0.jar
 snappy-0.4.jar
 jgroups-3.6.14.Final.jar
-shiro-cache-1.10.0.jar
-shiro-crypto-hash-1.10.0.jar
-shiro-crypto-cipher-1.10.0.jar
-shiro-config-core-1.10.0.jar
-shiro-event-1.10.0.jar
-shiro-crypto-core-1.10.0.jar
-shiro-lang-1.10.0.jar
+shiro-cache-1.12.0.jar
+shiro-crypto-hash-1.12.0.jar
+shiro-crypto-cipher-1.12.0.jar
+shiro-config-core-1.12.0.jar
+shiro-event-1.12.0.jar
+shiro-crypto-core-1.12.0.jar
+shiro-lang-1.12.0.jar
 slf4j-api-1.7.36.jar
 spring-beans-5.3.21.jar
 javax.activation-api-1.2.0.jar
diff --git 
a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt 
b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
index 0107d3cfee..c7839421a0 100644
--- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
@@ -1,8 +1,8 @@
 spring-web-5.3.21.jar
-shiro-event-1.10.0.jar
-shiro-crypto-hash-1.10.0.jar
-shiro-crypto-cipher-1.10.0.jar
-shiro-config-core-1.10.0.jar
+shiro-event-1.12.0.jar
+shiro-crypto-hash-1.12.0.jar
+shiro-crypto-cipher-1.12.0.jar
+shiro-config-core-1.12.0.jar
 commons-digester-2.1.jar
 commons-validator-1.7.jar
 spring-jcl-5.3.21.jar
@@ -23,11 +23,11 @@ geode-cq-0.0.0.jar
 geode-old-client-support-0.0.0.jar
 javax.servlet-api-3.1.0.jar
 jgroups-3.6.14.Final.jar
-shiro-cache-1.10.0.jar
+shiro-cache-1.12.0.jar
 httpcore-4.4.15.jar
 spring-beans-5.3.21.jar
 lucene-queries-6.6.6.jar
-shiro-core-1.10.0.jar
+shiro-core-1.12.0.jar
 HikariCP-4.0.3.jar
 slf4j-api-1.7.32.jar
 geode-http-service-0.0.0.jar
@@ -63,7 +63,7 @@ jetty-io-9.4.47.v20220610.jar
 geode-deployment-legacy-0.0.0.jar
 commons-beanutils-1.9.4.jar
 log4j-core-2.17.2.jar
-shiro-crypto-core-1.10.0.jar
+shiro-crypto-core-1.12.0.jar
 jaxb-api-2.3.1.jar
 geode-unsafe-0.0.0.jar
 spring-shell-1.2.0.RELEASE.jar
@@ -73,14 +73,14 @@ log4j-jul-2.17.2.jar
 HdrHistogram-2.1.12.jar
 jackson-annotations-2.13.3.jar
 micrometer-core-1.9.1.jar
-shiro-config-ogdl-1.10.0.jar
+shiro-config-ogdl-1.12.0.jar
 geode-log4j-0.0.0.jar
 lucene-analyzers-phonetic-6.6.6.jar
 spring-context-5.3.21.jar
 jetty-security-9.4.47.v20220610.jar
 geode-logging-0.0.0.jar
 commons-io-2.11.0.jar
-shiro-lang-1.10.0.jar
+shiro-lang-1.12.0.jar
 javax.transaction-api-1.3.jar
 geode-common-0.0.0.jar
 antlr-2.7.7.jar

Reply via email to