Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/06/09 03:52:48 UTC
[pulsar] branch master updated: [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 75fecd0bdcc [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)
75fecd0bdcc is described below
commit 75fecd0bdcc67a2992cbdebbb513447c6b9cc383
Author: Kay Johansen <ka...@streamnative.io>
AuthorDate: Wed Jun 8 21:52:42 2022 -0600
[fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)
---
docker/pulsar/Dockerfile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker/pulsar/Dockerfile b/docker/pulsar/Dockerfile
index ea7fee589a3..27fef14fb76 100644
--- a/docker/pulsar/Dockerfile
+++ b/docker/pulsar/Dockerfile
@@ -59,13 +59,15 @@ RUN sed -i "s|http://archive\.ubuntu\.com/ubuntu/|${UBUNTU_MIRROR:-mirror://mirr
&& apt-get update \
&& apt-get -y dist-upgrade \
&& apt-get -y install --no-install-recommends openjdk-17-jdk-headless netcat dnsutils less procps iputils-ping \
- python3 python3-yaml python3-kazoo python3-pip \
+ python3 python3-kazoo python3-pip \
curl ca-certificates \
&& apt-get -y --purge autoremove \
&& apt-get autoclean \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
+RUN pip3 install pyyaml==5.4.1
+
# Pulsar currently writes to the below directories, assuming the default configuration.
# Note that number 4 is the reason that pulsar components need write access to the /pulsar directory.
# 1. /pulsar/data - both bookkeepers and zookeepers use this directory
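Review bot: The new `RUN pip3 install pyyaml==5.4.1` line has no comment explaining why PyYAML is now installed from pip instead of the `python3-yaml` apt package that this hunk drops. A one-line comment above it naming CVE-2020-14343 would keep a later cleanup from switching back to the distro package or loosening the pin. Two smaller points on the same line: the install pins a version but does not verify the artifact, so consider a requirements file used with `--require-hashes`; and adding `--no-cache-dir` would keep pip's download cache out of the image layer, in line with the `rm -rf /var/lib/apt/lists/*` cleanup in the preceding RUN. Since `python3-kazoo` and the other packages still come from apt, it is also worth confirming in the built image that `python3 -c "import yaml; print(yaml.__version__)"` reports 5.4.1 and that no apt dependency has pulled the older distro copy back in.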