Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/06/09 18:15:23 UTC
[pulsar] 03/03: [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit d8a3048e1c1353548ca84bae8b09f98b0f755e28
Author: Kay Johansen <ka...@streamnative.io>
AuthorDate: Wed Jun 8 21:52:42 2022 -0600
[fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)
---
docker/pulsar/Dockerfile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker/pulsar/Dockerfile b/docker/pulsar/Dockerfile
index b15cb827b9f..e45e8e50659 100644
--- a/docker/pulsar/Dockerfile
+++ b/docker/pulsar/Dockerfile
@@ -58,7 +58,7 @@ RUN sed -i "s|http://archive\.ubuntu\.com/ubuntu/|${UBUNTU_MIRROR:-mirror://mirr
&& apt-get update \
&& apt-get -y dist-upgrade \
&& apt-get -y install --no-install-recommends openjdk-11-jdk-headless netcat dnsutils less procps iputils-ping \
- python3 python3-yaml python3-kazoo python3-pip \
+ python3 python3-kazoo python3-pip \
curl ca-certificates \
&& apt-get -y --purge autoremove \
&& apt-get autoclean \
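Review bot: Dropping `python3-yaml` from the apt install list does not by itself guarantee the distro copy stays out of the image, since another package on this line could still pull it in as a dependency and leave two PyYAML installs side by side. It would be worth confirming in the built image which copy the interpreter resolves, for example with `python3 -c "import yaml; print(yaml.__version__, yaml.__file__)"`, and recording that check in the PR so the CVE-2020-14343 fix is verified rather than assumed.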
@@ -66,6 +66,7 @@ RUN sed -i "s|http://archive\.ubuntu\.com/ubuntu/|${UBUNTU_MIRROR:-mirror://mirr
&& rm -rf /var/lib/apt/lists/*
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 10
+RUN pip3 install pyyaml==5.4.1
# Pulsar currently writes to the below directories, assuming the default configuration.
# Note that number 4 is the reason that pulsar components need write access to the /pulsar directory.
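Review bot: The added `RUN pip3 install pyyaml==5.4.1` line has no comment explaining why PyYAML is installed from pip instead of apt, so a later cleanup could easily fold it back into the `apt-get install` list and reintroduce the vulnerable version. Please add a one-line comment above it that names CVE-2020-14343 as the reason for the pin. Two smaller points on the same line: the install is pinned by version only, so consider hash-checking the wheel (`--require-hashes` with a requirements file) given this is a base image, and add `--no-cache-dir` so the separate layer does not keep pip's download cache.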