You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/09/08 01:05:37 UTC
[pulsar] branch branch-2.8 updated: [fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857 (#17457)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.8 by this push:
new f3114b971c3 [fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857 (#17457)
f3114b971c3 is described below
commit f3114b971c3acfb5ff7b94f4efe823d78f533053
Author: tison <wa...@gmail.com>
AuthorDate: Mon Sep 5 12:09:59 2022 +0800
[fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857 (#17457)
(cherry picked from commit 3ea478a025149afccf7cbe4887c249b98a776098)
---
distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
pom.xml | 2 +-
pulsar-sql/presto-distribution/LICENSE | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 9f95bd92d0c..3df3b0a3873 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -450,7 +450,7 @@ The Apache Software License, Version 2.0
- org.eclipse.jetty.websocket-websocket-servlet-9.4.48.v20220622.jar
- org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.48.v20220622.jar
- org.eclipse.jetty-jetty-alpn-server-9.4.48.v20220622.jar
- * SnakeYaml -- org.yaml-snakeyaml-1.30.jar
+ * SnakeYaml -- org.yaml-snakeyaml-1.31.jar
* RocksDB - org.rocksdb-rocksdbjni-6.10.2.jar
* Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.5.1.jar
* Apache Thrifth - org.apache.thrift-libthrift-0.14.2.jar
diff --git a/pom.xml b/pom.xml
index e97a4a1d98b..2915d01e59f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -200,7 +200,7 @@ flexible messaging model and an intuitive client API.</description>
<spring-context.version>5.3.15</spring-context.version>
<apache-http-client.version>4.5.13</apache-http-client.version>
<seancfoley.ipaddress.version>5.3.3</seancfoley.ipaddress.version>
- <snakeyaml.version>1.30</snakeyaml.version>
+ <snakeyaml.version>1.31</snakeyaml.version>
<!-- test dependencies -->
<cassandra.version>3.6.0</cassandra.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 27b4d6e5ac4..7180833ef90 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -397,7 +397,7 @@ The Apache Software License, Version 2.0
* RocksDB JNI
- rocksdbjni-6.10.2.jar
* SnakeYAML
- - snakeyaml-1.30.jar
+ - snakeyaml-1.31.jar
* Bean Validation API
- validation-api-2.0.1.Final.jar
* Objectsize