You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by ji...@apache.org on 2022/09/24 07:31:51 UTC
[pulsar] branch branch-2.10 updated: [fix][sec] Bump snakeyaml to 1.32 for CVE-2022-38752 (#17779)
This is an automated email from the ASF dual-hosted git repository.
jianghaiting pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.10 by this push:
new f4e2b3f7ebd [fix][sec] Bump snakeyaml to 1.32 for CVE-2022-38752 (#17779)
f4e2b3f7ebd is described below
commit f4e2b3f7ebd9b7226ae369e88b6be1dd99fc069b
Author: tison <wa...@gmail.com>
AuthorDate: Sat Sep 24 12:44:43 2022 +0800
[fix][sec] Bump snakeyaml to 1.32 for CVE-2022-38752 (#17779)
(cherry picked from commit ec8b58675a0a2a924b5541e49e878d8361c4742c)
---
buildtools/pom.xml | 2 +-
distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
pom.xml | 2 +-
pulsar-sql/presto-distribution/LICENSE | 4 ++--
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index a4d5c0334f9..b85342c4c6e 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -49,7 +49,7 @@
<guice.version>4.2.3</guice.version>
<guava.version>31.0.1-jre</guava.version>
<ant.version>1.10.12</ant.version>
- <snakeyaml.version>1.31</snakeyaml.version>
+ <snakeyaml.version>1.32</snakeyaml.version>
<test.additional.args></test.additional.args>
<mockito.version>3.12.4</mockito.version>
</properties>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 4783c17c83b..736e05b387c 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -449,7 +449,7 @@ The Apache Software License, Version 2.0
- org.eclipse.jetty.websocket-websocket-servlet-9.4.48.v20220622.jar
- org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.48.v20220622.jar
- org.eclipse.jetty-jetty-alpn-server-9.4.48.v20220622.jar
- * SnakeYaml -- org.yaml-snakeyaml-1.31.jar
+ * SnakeYaml -- org.yaml-snakeyaml-1.32.jar
* RocksDB - org.rocksdb-rocksdbjni-6.10.2.jar
* Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.5.1.jar
* Apache Thrift - org.apache.thrift-libthrift-0.14.2.jar
diff --git a/pom.xml b/pom.xml
index 41d153c78b2..708e91e317f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -208,7 +208,7 @@ flexible messaging model and an intuitive client API.</description>
<spring-context.version>5.3.19</spring-context.version>
<apache-http-client.version>4.5.13</apache-http-client.version>
<jetcd.version>0.5.11</jetcd.version>
- <snakeyaml.version>1.31</snakeyaml.version>
+ <snakeyaml.version>1.32</snakeyaml.version>
<ant.version>1.10.12</ant.version>
<seancfoley.ipaddress.version>5.3.3</seancfoley.ipaddress.version>
<netty-reactive-streams.version>2.0.6</netty-reactive-streams.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 14a7857e523..0c573b675e9 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -413,7 +413,7 @@ The Apache Software License, Version 2.0
* RocksDB JNI
- rocksdbjni-6.10.2.jar
* SnakeYAML
- - snakeyaml-1.31.jar
+ - snakeyaml-1.32.jar
* Bean Validation API
- validation-api-2.0.1.Final.jar
* Objectsize
@@ -515,7 +515,7 @@ MIT License
* JUL to SLF4J Bridge
- jul-to-slf4j-1.7.32.jar
* Checker Qual
- - checker-qual-3.12.0.jar
+ - checker-qual-3.12.0.jar
* Annotations
- animal-sniffer-annotations-1.19.jar
- annotations-4.1.1.4.jar