You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by te...@apache.org on 2022/09/05 05:31:22 UTC

[pulsar] branch branch-2.11 updated: [fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857 (#17457) (#17466)

This is an automated email from the ASF dual-hosted git repository.

technoboy pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.11 by this push:
     new a90f2ec2194 [fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857 (#17457) (#17466)
a90f2ec2194 is described below

commit a90f2ec219469b6bb9ec0943731ac2ad271afc38
Author: tison <wa...@gmail.com>
AuthorDate: Mon Sep 5 13:31:17 2022 +0800

    [fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857 (#17457) (#17466)
---
 buildtools/pom.xml                               | 2 +-
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 pom.xml                                          | 2 +-
 pulsar-sql/presto-distribution/LICENSE           | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index e04328f146d..2900b7977d5 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -49,7 +49,7 @@
     <guice.version>4.2.3</guice.version>
     <guava.version>31.0.1-jre</guava.version>
     <ant.version>1.10.12</ant.version>
-    <snakeyaml.version>1.30</snakeyaml.version>
+    <snakeyaml.version>1.31</snakeyaml.version>
     <mockito.version>3.12.4</mockito.version>
     <!-- required for running tests on JDK11+ -->
     <test.additional.args>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 2a162f5cee6..7e3a1d4b99f 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -454,7 +454,7 @@ The Apache Software License, Version 2.0
     - org.eclipse.jetty.websocket-websocket-servlet-9.4.48.v20220622.jar
     - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.48.v20220622.jar
     - org.eclipse.jetty-jetty-alpn-server-9.4.48.v20220622.jar
- * SnakeYaml -- org.yaml-snakeyaml-1.30.jar
+ * SnakeYaml -- org.yaml-snakeyaml-1.31.jar
  * RocksDB - org.rocksdb-rocksdbjni-6.29.4.1.jar
  * Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.5.1.jar
  * Apache Thrift - org.apache.thrift-libthrift-0.14.2.jar
diff --git a/pom.xml b/pom.xml
index 3383b9b0df6..8e716515e73 100644
--- a/pom.xml
+++ b/pom.xml
@@ -224,7 +224,7 @@ flexible messaging model and an intuitive client API.</description>
     <apache-http-client.version>4.5.13</apache-http-client.version>
     <apache-httpcomponents.version>4.4.15</apache-httpcomponents.version>
     <jetcd.version>0.5.11</jetcd.version>
-    <snakeyaml.version>1.30</snakeyaml.version>
+    <snakeyaml.version>1.31</snakeyaml.version>
     <ant.version>1.10.12</ant.version>
     <seancfoley.ipaddress.version>5.3.3</seancfoley.ipaddress.version>
     <disruptor.version>3.4.3</disruptor.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index b48d8e58600..848847b4a16 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -412,7 +412,7 @@ The Apache Software License, Version 2.0
   * RocksDB JNI
     - rocksdbjni-6.29.4.1.jar
   * SnakeYAML
-    - snakeyaml-1.30.jar
+    - snakeyaml-1.31.jar
   * Bean Validation API
     - validation-api-2.0.1.Final.jar
   * Objectsize