You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by sy...@apache.org on 2022/05/17 16:54:56 UTC
[zookeeper] branch branch-3.5 updated: ZOOKEEPER-4543: update dependencies before release 3.5.10
This is an automated email from the ASF dual-hosted git repository.
symat pushed a commit to branch branch-3.5
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.5 by this push:
new c73797e15 ZOOKEEPER-4543: update dependencies before release 3.5.10
c73797e15 is described below
commit c73797e15204f6f30ce861e19c9c6cea9ca52e95
Author: Mate Szalay-Beko <sy...@apache.com>
AuthorDate: Tue May 17 18:54:35 2022 +0200
ZOOKEEPER-4543: update dependencies before release 3.5.10
due to CVE problems, I updated:
- netty
- jetty
- jackson
I also renamed (or added missing) license files and updated notice files.
Author: Mate Szalay-Beko <sy...@apache.com>
Reviewers: Enrico Olivelli <eo...@apache.org>
Closes #1878 from symat/ZOOKEEPER-4543
---
NOTICE.txt | 2 +-
owaspSuppressions.xml | 10 ----------
pom.xml | 7 +++----
zookeeper-server/src/main/resources/LICENSE.txt | 8 ++++----
zookeeper-server/src/main/resources/NOTICE.txt | 2 +-
...er-4.1.73.Final.LICENSE.txt => commons-cli-1.2.LICENSE.txt} | 2 +-
...inal.LICENSE.txt => jackson-annotations-2.13.3.LICENSE.txt} | 2 +-
....1.73.Final.LICENSE.txt => jackson-core-2.13.3.LICENSE.txt} | 2 +-
...3.Final.LICENSE.txt => jackson-databind-2.13.3.LICENSE.txt} | 2 +-
...629.LICENSE.txt => jetty-http-9.4.46.v20220331.LICENSE.txt} | 0
...10629.LICENSE.txt => jetty-io-9.4.46.v20220331.LICENSE.txt} | 0
...LICENSE.txt => jetty-security-9.4.46.v20220331.LICENSE.txt} | 0
...9.LICENSE.txt => jetty-server-9.4.46.v20220331.LICENSE.txt} | 0
....LICENSE.txt => jetty-servlet-9.4.46.v20220331.LICENSE.txt} | 0
...629.LICENSE.txt => jetty-util-9.4.46.v20220331.LICENSE.txt} | 0
...ICENSE.txt => jetty-util-ajax-9.4.46.v20220331.LICENSE.txt} | 0
...Final.LICENSE.txt => netty-buffer-4.1.77.Final.LICENSE.txt} | 0
....Final.LICENSE.txt => netty-codec-4.1.77.Final.LICENSE.txt} | 0
...Final.LICENSE.txt => netty-common-4.1.77.Final.LICENSE.txt} | 0
...inal.LICENSE.txt => netty-handler-4.1.77.Final.LICENSE.txt} | 0
...nal.LICENSE.txt => netty-resolver-4.1.77.Final.LICENSE.txt} | 0
...al.LICENSE.txt => netty-transport-4.1.77.Final.LICENSE.txt} | 0
...t => netty-transport-native-epoll-4.1.77.Final.LICENSE.txt} | 0
...etty-transport-native-unix-common-4.1.77.Final.LICENSE.txt} | 0
24 files changed, 13 insertions(+), 24 deletions(-)
diff --git a/NOTICE.txt b/NOTICE.txt
index 4c4f8b220..87256b972 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -1,5 +1,5 @@
Apache ZooKeeper
-Copyright 2009-2020 The Apache Software Foundation
+Copyright 2009-2022 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 2565f0db1..5c4bc33bc 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -41,14 +41,4 @@
this writing -->
<cve>CVE-2019-3826</cve>
</suppress>
- <suppress>
- <!-- false positive for us, it is about log4j server in log4j-1.2.17.jar
- ZOOKEEPER-3677 -->
- <cve>CVE-2019-17571</cve>
- </suppress>
- <suppress>
- <!-- it only affects the log4j SmtpAppender users. As Log4J 1.2 is EOL now, we can't fix this unless we
- upgrade to log4j 2. See ZOOKEEPER-3817 -->
- <cve>CVE-2020-9488</cve>
- </suppress>
</suppressions>
diff --git a/pom.xml b/pom.xml
index 60503732e..70bb76477 100755
--- a/pom.xml
+++ b/pom.xml
@@ -297,10 +297,9 @@
<mockito.version>2.27.0</mockito.version>
<hamcrest.version>1.3</hamcrest.version>
<commons-cli.version>1.2</commons-cli.version>
- <netty.version>4.1.73.Final</netty.version>
- <jetty.version>9.4.43.v20210629</jetty.version>
- <netty.version>4.1.70.Final</netty.version>
- <jackson.version>2.13.1</jackson.version>
+ <netty.version>4.1.77.Final</netty.version>
+ <jetty.version>9.4.46.v20220331</jetty.version>
+ <jackson.version>2.13.3</jackson.version>
<json.version>1.1.1</json.version>
<jline.version>2.14.6</jline.version>
<snappy.version>1.1.7</snappy.version>
diff --git a/zookeeper-server/src/main/resources/LICENSE.txt b/zookeeper-server/src/main/resources/LICENSE.txt
index 287d96031..faca4f10b 100644
--- a/zookeeper-server/src/main/resources/LICENSE.txt
+++ b/zookeeper-server/src/main/resources/LICENSE.txt
@@ -206,9 +206,9 @@ This distribution bundles javacc, which is available under the
3-clause BSD License. For details, see a copy of the license in
lib/javacc.LICENSE.txt
-This distribution bundles jline 2.11, which is available under the
+This distribution bundles jline 2.14.6, which is available under the
2-clause BSD License. For details, see a copy of the license in
-lib/jline-2.11.LICENSE.txt
+lib/jline-2.14.6.LICENSE.txt
This distribution bundles SLF4J 1.7.36, which is available under the MIT
License. For details, see a copy of the license in
@@ -223,6 +223,6 @@ Apache Software License, Version 2.0. For details, see a copy of the license in
lib/json-simple-1.1.1.LICENSE.txt
This distribution bundles a modified version of 'JZLib' as part of
-Netty-3.7.0, which is available under the 3-clause BSD licence. For
+Netty-4.1.77, which is available under the 3-clause BSD licence. For
details, see a copy of the licence in META-INF/license/LICENSE-jzlib.txt
-as part of the Netty jar in lib/netty-3.7.0.Final.jar.
+as part of the Netty jar in lib/netty-4.1.77.Final.jar.
diff --git a/zookeeper-server/src/main/resources/NOTICE.txt b/zookeeper-server/src/main/resources/NOTICE.txt
index a8170474b..a75a727de 100644
--- a/zookeeper-server/src/main/resources/NOTICE.txt
+++ b/zookeeper-server/src/main/resources/NOTICE.txt
@@ -1,5 +1,5 @@
Apache ZooKeeper
-Copyright 2009-2017 The Apache Software Foundation
+Copyright 2009-2022 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
diff --git a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/commons-cli-1.2.LICENSE.txt
similarity index 99%
copy from zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
copy to zookeeper-server/src/main/resources/lib/commons-cli-1.2.LICENSE.txt
index 6279e5206..d64569567 100644
--- a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
+++ b/zookeeper-server/src/main/resources/lib/commons-cli-1.2.LICENSE.txt
@@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright 1999-2005 The Apache Software Foundation
+ Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jackson-annotations-2.13.3.LICENSE.txt
similarity index 99%
copy from zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
copy to zookeeper-server/src/main/resources/lib/jackson-annotations-2.13.3.LICENSE.txt
index 6279e5206..d64569567 100644
--- a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
+++ b/zookeeper-server/src/main/resources/lib/jackson-annotations-2.13.3.LICENSE.txt
@@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright 1999-2005 The Apache Software Foundation
+ Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jackson-core-2.13.3.LICENSE.txt
similarity index 99%
copy from zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
copy to zookeeper-server/src/main/resources/lib/jackson-core-2.13.3.LICENSE.txt
index 6279e5206..d64569567 100644
--- a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
+++ b/zookeeper-server/src/main/resources/lib/jackson-core-2.13.3.LICENSE.txt
@@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright 1999-2005 The Apache Software Foundation
+ Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jackson-databind-2.13.3.LICENSE.txt
similarity index 99%
copy from zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
copy to zookeeper-server/src/main/resources/lib/jackson-databind-2.13.3.LICENSE.txt
index 6279e5206..d64569567 100644
--- a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
+++ b/zookeeper-server/src/main/resources/lib/jackson-databind-2.13.3.LICENSE.txt
@@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright 1999-2005 The Apache Software Foundation
+ Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/zookeeper-server/src/main/resources/lib/jetty-http-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-http-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-http-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-http-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-io-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-io-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-io-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-io-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-security-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-security-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-security-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-security-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-server-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-server-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-util-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-util-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.43.v20210629.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.46.v20220331.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.43.v20210629.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.46.v20220331.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-buffer-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-buffer-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-buffer-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-codec-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-codec-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-codec-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-codec-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-common-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-common-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-common-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-common-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-handler-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-handler-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-handler-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-handler-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-resolver-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-resolver-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-resolver-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-resolver-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-transport-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-transport-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-transport-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-transport-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-transport-native-epoll-4.1.77.Final.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.73.Final.LICENSE.txt b/zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.77.Final.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.73.Final.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/netty-transport-native-unix-common-4.1.77.Final.LICENSE.txt