You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by yo...@apache.org on 2022/07/05 06:48:43 UTC

[pulsar] branch master updated: Exclude the Netty Reactive Stream from asynchttpclient (#16312)

This is an automated email from the ASF dual-hosted git repository.

yong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new f9e89edee9c Exclude the Netty Reactive Stream from asynchttpclient (#16312)
f9e89edee9c is described below

commit f9e89edee9ccb88c3656443b1cf6ffbb0aa1ac55
Author: Yong Zhang <zh...@gmail.com>
AuthorDate: Tue Jul 5 14:48:34 2022 +0800

    Exclude the Netty Reactive Stream from asynchttpclient (#16312)
    
    * Exclude the Netty Reactive Stream from asynchttpclient
    ---
    
    *Motivation*
    
    We upgrade the Netty Reactive Stream in the PR #15990,
    but the asynchttpclient still uses it. We should use
    our project dependency to address the CVE.
    
    * Add the related dependency to the sub module
---
 pom.xml                     | 4 ++++
 pulsar-client-tools/pom.xml | 4 ++++
 pulsar-client/pom.xml       | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/pom.xml b/pom.xml
index 26df9055623..6d4d022607a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -290,6 +290,10 @@ flexible messaging model and an intuitive client API.</description>
             <groupId>io.netty</groupId>
             <artifactId>*</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>com.typesafe.netty</groupId>
+            <artifactId>netty-reactive-streams</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
 
diff --git a/pulsar-client-tools/pom.xml b/pulsar-client-tools/pom.xml
index a5481dffb88..b05cb517b81 100644
--- a/pulsar-client-tools/pom.xml
+++ b/pulsar-client-tools/pom.xml
@@ -66,6 +66,10 @@
       <groupId>org.asynchttpclient</groupId>
       <artifactId>async-http-client</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.typesafe.netty</groupId>
+      <artifactId>netty-reactive-streams</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml
index 5be8fcd439a..8cf75e89f52 100644
--- a/pulsar-client/pom.xml
+++ b/pulsar-client/pom.xml
@@ -88,6 +88,11 @@
       <artifactId>async-http-client</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>com.typesafe.netty</groupId>
+      <artifactId>netty-reactive-streams</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>