Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade third party libraries with security vulnerabilities #3938

Merged
merged 2 commits into from
Mar 29, 2019
Merged

Upgrade third party libraries with security vulnerabilities #3938

merged 2 commits into from
Mar 29, 2019

Conversation

massakam
Copy link
Contributor

Motivation

The Pulsar distribution includes some third-party libraries with security vulnerabilities.

Modifications

  • Upgraded jackson related libraries to 2.9.8. The jackson used in pulsar-sql can not be upgraded to 2.9.x, so upgraded jackson-databind to 2.8.11.3 (cf. reverting jackson version bump for sql #2978).
  • Upgraded the version of commons-configuration from 1.6 to 1.10. commons-beanutils and commons-beanutils-core were installed because commons-configuration-1.6 depends on these, but these dependencies are optional in commons-configuration-1.10.

Verifying this change

  • Make sure that the change passes the CI checks.

@massakam massakam added this to the 2.3.1 milestone Mar 29, 2019
@massakam massakam self-assigned this Mar 29, 2019
@massakam
Copy link
Contributor Author

rerun java8 tests
rerun cpp tests

merlimat
merlimat approved these changes Mar 29, 2019
View reviewed changes
Copy link
Contributor

@merlimat merlimat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@merlimat
Copy link
Contributor

run java8 tests

@massakam massakam force-pushed the security-vulnerability branch from 73353f2 to 101ce0a Compare March 29, 2019 17:00
@merlimat
Copy link
Contributor

run cpp tests

@merlimat merlimat merged commit c463a04 into apache:master Mar 29, 2019
merlimat pushed a commit that referenced this pull request Mar 29, 2019
@merlimat
Upgrade third party libraries with security vulnerabilities (#3938)
cbd2f64 
* Upgrade jackson version to 2.9.8

* Upgrade commons-collections version to 1.10
@massakam massakam deleted the security-vulnerability branch March 30, 2019 05:05
@merlimat
Copy link
Contributor

merlimat commented Apr 1, 2019

Merged in 2.3.1 at
cbd2f64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merlimat merlimat merlimat approved these changes

Assignees

@massakam massakam

Labels
area/security
Projects
None yet
Milestone
2.3.1
Development

Successfully merging this pull request may close these issues.
2 participants
@massakam @merlimat