Posted to notifications@skywalking.apache.org by wu...@apache.org on 2022/11/11 06:46:15 UTC

[skywalking] branch cve created (now 0d4044dbda)

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a change to branch cve
in repository https://gitbox.apache.org/repos/asf/skywalking.git


      at 0d4044dbda Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.

This branch includes the following new commits:

     new 0d4044dbda Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[skywalking] 01/01: Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.

Posted by wu...@apache.org.

wusheng pushed a commit to branch cve
in repository https://gitbox.apache.org/repos/asf/skywalking.git

commit 0d4044dbda4acfb5e143a0f24ad5e1794373a98a
Author: Wu Sheng <wu...@foxmail.com>
AuthorDate: Fri Nov 11 14:46:08 2022 +0800

    Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.
---
 dist-material/release-docs/LICENSE | 22 +++++++++++-----------
 docs/en/changes/changes.md         |  3 ++-
 oap-server-bom/pom.xml             |  2 +-
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 6bb498a288..445941f2c1 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -355,6 +355,7 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.13 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore-nio/4.4.13 Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.8.1 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.17.1 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.1 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1 Apache-2.0
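Review bot: The added kafka-clients/2.8.1 line declares the artifact as Apache-2.0 only, while the 2.4.1 entry removed further down in this file was listed under "Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause". Please confirm that the licence declaration really changed between the two releases and is not a side effect of how the file was regenerated; if the additional licences still apply, the compound section and its licenses/LICENSE-[project].txt texts should stay.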
@@ -378,30 +379,21 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-jdk8/1.6.4 Apache-2.0
     https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-reactive/1.6.4 Apache-2.0
     https://mvnrepository.com/artifact/org.jetbrains/annotations/13.0 Apache-2.0
-    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.6.0 Apache-2.0
+    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.7.1 Apache-2.0
     https://mvnrepository.com/artifact/org.mvel/mvel2/2.4.8.Final Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/jcl-over-slf4j/1.7.30 Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/log4j-over-slf4j/1.7.30 Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/slf4j-api/1.7.30 Apache-2.0
-    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.7.3 Apache-2.0
+    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.8.1 Apache-2.0
     https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.33 Apache-2.0
     https://npmjs.com/package/typescript/v/4.4.4 4.4.4 Apache-2.0
 
-========================================================================
-Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause licenses
-========================================================================
-The following components are provided under the Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause License. See project link for details.
-The text of each license is also included in licenses/LICENSE-[project].txt.
-
-    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.4.1 Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause
-
 ========================================================================
 BSD-2-Clause licenses
 ========================================================================
 The following components are provided under the BSD-2-Clause License. See project link for details.
 The text of each license is also included in licenses/LICENSE-[project].txt.
 
-    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.3-1 BSD-2-Clause
     https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.1 BSD-2-Clause
 
 ========================================================================
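Review bot: lz4-java (1.6.0 to 1.7.1) and snappy-java (1.1.7.3 to 1.1.8.1) change version in this hunk and zstd-jni 1.4.3-1 leaves the BSD-2-Clause section, yet the commit message and the changes.md entry name only the Kafka client. These are JNI-backed compression libraries shipped in the distribution, presumably moved by the new client, so mention them in the changelog line as well; a later dependency audit can then trace when each version changed and check the new versions against advisories.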
@@ -629,6 +621,14 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
 
     https://mvnrepository.com/artifact/com.google.re2j/re2j/1.5 https://golang.org/LICENSE
 
+========================================================================
+https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License licenses
+========================================================================
+The following components are provided under the https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License License. See project link for details.
+The text of each license is also included in licenses/LICENSE-[project].txt.
+
+    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.9-1 https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License
+
 ========================================================================
 https://spdx.org/licenses/MIT-0.html licenses
 ========================================================================
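Review bot: The new section for zstd-jni/1.4.9-1 uses the raw string "https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License" as its licence name, which produces the headings "License licenses" and "License License" and duplicates the existing "BSD-2-Clause licenses" section that held zstd-jni 1.4.3-1. Map this identifier to BSD-2-Clause in the licence tooling so the 1.4.9-1 entry lands in the existing section, which also keeps the file consistent for licence scanners.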
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 7fea9928d8..606121aca5 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -105,7 +105,8 @@
 * Support span attached event concept in Zipkin and SkyWalking trace query.
 * Support span attached events on Zipkin lens UI.
 * Force UTF-8 encoding in `JsonLogHandler` of `kafka-fetcher-plugin`.
-* Fix max length to 512 of entity, instance and endpoint IDs in trace, log, profiling, topN tables(JDBC storages). The value was 200 by default. 
+* Fix max length to 512 of entity, instance and endpoint IDs in trace, log, profiling, topN tables(JDBC storages). The value was 200 by default.
+* Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.
 
 #### UI
 
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 67334bcfc5..1d30803b04 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -74,7 +74,7 @@
         <httpcore.version>4.4.13</httpcore.version>
         <commons-compress.version>1.21</commons-compress.version>
         <banyandb-java-client.version>0.2.0</banyandb-java-client.version>
-        <kafka-clients.version>2.4.1</kafka-clients.version>
+        <kafka-clients.version>2.8.1</kafka-clients.version>
         <spring-kafka-test.version>2.4.6.RELEASE</spring-kafka-test.version>
     </properties>
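Review bot: `kafka-clients.version` moves to 2.8.1 but `spring-kafka-test.version` on the next line stays at 2.4.6.RELEASE. Please check that the test artifact does not bring an older kafka-clients onto the test classpath and that the Kafka-related tests actually run against 2.8.1, for example by inspecting the resolved dependency tree, or bump the test artifact to a release line that matches the new client.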