You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by br...@apache.org on 2020/10/01 08:08:28 UTC
[lucene-solr] branch master updated: SOLR-14905: Upgrade commons-io
version to 2.8.0. Closes #1934
This is an automated email from the ASF dual-hosted git repository.
broustant pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/master by this push:
new 167c305 SOLR-14905: Upgrade commons-io version to 2.8.0. Closes #1934
167c305 is described below
commit 167c3050df57a0e2558119e83fe3223fb66e9bf1
Author: Bruno Roustant <br...@salesforce.com>
AuthorDate: Thu Oct 1 10:07:42 2020 +0200
SOLR-14905: Upgrade commons-io version to 2.8.0.
Closes #1934
---
solr/CHANGES.txt | 2 ++
solr/core/src/test/org/apache/hadoop/fs/FileUtil.java | 7 +------
solr/licenses/commons-io-2.6.jar.sha1 | 1 -
solr/licenses/commons-io-2.8.0.jar.sha1 | 1 +
versions.lock | 2 +-
versions.props | 2 +-
6 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 5242359..24952d8 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -187,6 +187,8 @@ Improvements
* SOLR-14859: DateRangeField now throws errors when invalid field/fieldType options specified; no longer silently accepts incompatible option values
(Jason Gerlowski, Chris Hostetter, Munendra S N)
+* SOLR-14905: Update commons-io version to 2.8.0 due to security vulnerability. (Nazerke Seidan via Bruno Roustant)
+
Optimizations
---------------------
diff --git a/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java b/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java
index e38b563..4b34356 100644
--- a/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java
+++ b/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java
@@ -597,12 +597,7 @@ public class FileUtil {
File[] allFiles = dir.listFiles();
if(allFiles != null) {
for (int i = 0; i < allFiles.length; i++) {
- boolean isSymLink;
- try {
- isSymLink = org.apache.commons.io.FileUtils.isSymlink(allFiles[i]);
- } catch(IOException ioe) {
- isSymLink = true;
- }
+ boolean isSymLink = org.apache.commons.io.FileUtils.isSymlink(allFiles[i]);
if(!isSymLink) {
size += getDU(allFiles[i]);
}
diff --git a/solr/licenses/commons-io-2.6.jar.sha1 b/solr/licenses/commons-io-2.6.jar.sha1
deleted file mode 100644
index 9fa55f5..0000000
--- a/solr/licenses/commons-io-2.6.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-815893df5f31da2ece4040fe0a12fd44b577afaf
diff --git a/solr/licenses/commons-io-2.8.0.jar.sha1 b/solr/licenses/commons-io-2.8.0.jar.sha1
new file mode 100644
index 0000000..3a5fc71
--- /dev/null
+++ b/solr/licenses/commons-io-2.8.0.jar.sha1
@@ -0,0 +1 @@
+92999e26e6534606b5678014e66948286298a35c
diff --git a/versions.lock b/versions.lock
index 5c40e17..bb9e06a 100644
--- a/versions.lock
+++ b/versions.lock
@@ -34,7 +34,7 @@ com.tdunning:t-digest:3.1 (1 constraints: a804212c)
commons-cli:commons-cli:1.4 (1 constraints: a9041e2c)
commons-codec:commons-codec:1.13 (1 constraints: d904f430)
commons-collections:commons-collections:3.2.2 (1 constraints: 09050236)
-commons-io:commons-io:2.6 (1 constraints: ac04232c)
+commons-io:commons-io:2.8.0 (1 constraints: 0c050d36)
commons-lang:commons-lang:2.6 (1 constraints: 2a0d520d)
commons-logging:commons-logging:1.1.3 (2 constraints: c8149e7f)
de.l3s.boilerpipe:boilerpipe:1.1.0 (1 constraints: 0405f335)
diff --git a/versions.props b/versions.props
index c86546e..ddaf476 100644
--- a/versions.props
+++ b/versions.props
@@ -27,7 +27,7 @@ com.vaadin.external.google:android-json=0.0.20131108.vaadin1
commons-cli:commons-cli=1.4
commons-codec:commons-codec=1.13
commons-collections:commons-collections=3.2.2
-commons-io:commons-io=2.6
+commons-io:commons-io=2.8.0
commons-logging:commons-logging=1.1.3
de.l3s.boilerpipe:boilerpipe=1.1.0
io.dropwizard.metrics:*=4.1.5