You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by ni...@apache.org on 2022/06/10 08:35:41 UTC

[pulsar] branch master updated: Bump cassandra driver version from 3.6.0 to 3.11.2 (#15994)

This is an automated email from the ASF dual-hosted git repository.

nicoloboschi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 3525fe478e1 Bump cassandra driver version from 3.6.0 to 3.11.2 (#15994)
3525fe478e1 is described below

commit 3525fe478e123734f04864811089411b4a3fdeb4
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Fri Jun 10 16:35:32 2022 +0800

    Bump cassandra driver version from 3.6.0 to 3.11.2 (#15994)
    
    * Bump cassandra driver version from 3.6.0 to 3.11.2
    
    * add suppressions
    
    * Update pom.xml
---
 pom.xml                                     | 3 +--
 pulsar-io/cassandra/pom.xml                 | 1 -
 src/owasp-dependency-check-suppressions.xml | 9 +++++++++
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 374be441097..ac5d81ea008 100644
--- a/pom.xml
+++ b/pom.xml
@@ -150,7 +150,7 @@ flexible messaging model and an intuitive client API.</description>
     <gson.version>2.8.9</gson.version>
     <sketches.version>0.8.3</sketches.version>
     <hbc-core.version>2.2.0</hbc-core.version>
-    <cassandra-driver-core.version>3.6.0</cassandra-driver-core.version>
+    <cassandra.version>3.11.2</cassandra.version>
     <aerospike-client.version>4.4.20</aerospike-client.version>
     <kafka-client.version>2.7.2</kafka-client.version>
     <rabbitmq-client.version>5.5.3</rabbitmq-client.version>
@@ -228,7 +228,6 @@ flexible messaging model and an intuitive client API.</description>
     <netty-reactive-streams.version>2.0.6</netty-reactive-streams.version>
 
     <!-- test dependencies -->
-    <cassandra.version>3.6.0</cassandra.version>
     <testcontainers.version>1.15.3</testcontainers.version>
     <hamcrest.version>2.2</hamcrest.version>
 
diff --git a/pulsar-io/cassandra/pom.xml b/pulsar-io/cassandra/pom.xml
index 6826a981781..cbeeb1d272b 100644
--- a/pulsar-io/cassandra/pom.xml
+++ b/pulsar-io/cassandra/pom.xml
@@ -51,7 +51,6 @@
     <dependency>
       <groupId>com.datastax.cassandra</groupId>
       <artifactId>cassandra-driver-core</artifactId>
-      <version>${cassandra-driver-core.version}</version>
     </dependency>
 
   </dependencies>
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 8fe1fd54406..4787fcb348a 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -448,5 +448,14 @@
         <cve>CVE-2021-46666</cve>
         <cve>CVE-2021-46667</cve>
     </suppress>
+    <!-- only affects the server -->
+    <suppress>
+        <notes><![CDATA[
+       file name: cassandra-driver-core-3.11.2.jar
+       ]]></notes>
+        <sha1>e0aad9f8611e710b9a0ce49747f7465ce07d8404</sha1>
+        <cve>CVE-2020-17516</cve>
+        <cve>CVE-2021-44521</cve>
+    </suppress>
 
 </suppressions>