Posted to commits@dolphinscheduler.apache.org by ke...@apache.org on 2022/06/03 09:18:02 UTC

[dolphinscheduler] branch dev updated: issues-10354: upgrade commons-io to fix CVE (#10355)

This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new b6350280e6 issues-10354: upgrade commons-io to fix CVE (#10355)
b6350280e6 is described below

commit b6350280e66f604968e249919dc4a13a04eecee4
Author: PJ Fanning <pj...@users.noreply.github.com>
AuthorDate: Fri Jun 3 10:17:52 2022 +0100

    issues-10354: upgrade commons-io to fix CVE (#10355)
---
 dolphinscheduler-dist/release-docs/LICENSE | 4 ++--
 pom.xml                                    | 4 ++--
 tools/dependencies/known-dependencies.txt  | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/dolphinscheduler-dist/release-docs/LICENSE b/dolphinscheduler-dist/release-docs/LICENSE
index 6fef89bc8e..0002c8dee2 100644
--- a/dolphinscheduler-dist/release-docs/LICENSE
+++ b/dolphinscheduler-dist/release-docs/LICENSE
@@ -236,7 +236,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt.
     commons-dbcp 1.4: https://github.com/apache/commons-dbcp, Apache 2.0
     commons-email 1.5: https://github.com/apache/commons-email, Apache 2.0
     commons-httpclient 3.0.1: https://mvnrepository.com/artifact/commons-httpclient/commons-httpclient/3.0.1, Apache 2.0
-    commons-io 2.4: https://github.com/apache/commons-io, Apache 2.0
+    commons-io 2.11.0: https://github.com/apache/commons-io, Apache 2.0
     commons-lang 2.6: https://github.com/apache/commons-lang, Apache 2.0
     commons-logging 1.1.1: https://github.com/apache/commons-logging, Apache 2.0
     commons-math3 3.1.1: https://mvnrepository.com/artifact/org.apache.commons/commons-math3/3.1.1, Apache 2.0
@@ -281,7 +281,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt.
     hive-storage-api 2.1.0: https://mvnrepository.com/artifact/org.apache.hive/hive-storage-api/2.1.0, Apache 2.0
     htrace-core 3.1.0-incubating: https://mvnrepository.com/artifact/org.apache.htrace/htrace-core/3.1.0-incubating, Apache 2.0
     httpclient 4.5.13: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13, Apache 2.0
-    httpcore 4.4.1: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.1, Apache 2.0
+    httpcore 4.4.15: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.15, Apache 2.0
     httpmime 4.5.13: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpmime/4.5.13, Apache 2.0
     jackson-annotations 2.10.5: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.10.5, Apache 2.0
     jackson-core 2.10.5: https://github.com/FasterXML/jackson-core, Apache 2.0
diff --git a/pom.xml b/pom.xml
index 4db5ab4281..05a1722c8d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,7 +69,7 @@
         <commons.logging.version>1.1.1</commons.logging.version>
         <commons.lang3.version>3.12.0</commons.lang3.version>
         <httpclient.version>4.5.13</httpclient.version>
-        <httpcore.version>4.4.1</httpcore.version>
+        <httpcore.version>4.4.15</httpcore.version>
         <junit.version>4.12</junit.version>
         <mysql.connector.version>8.0.16</mysql.connector.version>
         <slf4j.api.version>1.7.5</slf4j.api.version>
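Review bot: The `httpcore.version` bump from 4.4.1 to 4.4.15 in this hunk is not covered by the commit title, which names only commons-io, so the commit records no reason for it. Neither this property nor `commons.io.version` in the next hunk says which advisory the new version addresses. A comment beside each, such as `<!-- keep commons-io at or above 2.11.0: fixes <CVE-ID from issue 10354> -->`, would keep a later dependency cleanup from lowering it again. These properties presumably feed a dependencyManagement section outside the hunk, so it is worth confirming with `mvn dependency:tree` that no module or transitive dependency still resolves commons-io 2.4 or httpcore 4.4.1.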
@@ -84,7 +84,7 @@
         <guava.version>24.1-jre</guava.version>
         <postgresql.version>42.3.4</postgresql.version>
         <hive.jdbc.version>2.1.0</hive.jdbc.version>
-        <commons.io.version>2.4</commons.io.version>
+        <commons.io.version>2.11.0</commons.io.version>
         <oshi.core.version>6.1.1</oshi.core.version>
         <clickhouse.jdbc.version>0.1.52</clickhouse.jdbc.version>
         <mssql.jdbc.version>6.1.0.jre8</mssql.jdbc.version>
diff --git a/tools/dependencies/known-dependencies.txt b/tools/dependencies/known-dependencies.txt
index a89c8cd41e..ce588528af 100755
--- a/tools/dependencies/known-dependencies.txt
+++ b/tools/dependencies/known-dependencies.txt
@@ -29,7 +29,7 @@ commons-configuration-1.10.jar
 commons-beanutils-1.9.4.jar
 commons-dbcp-1.4.jar
 commons-httpclient-3.0.1.jar
-commons-io-2.4.jar
+commons-io-2.11.0.jar
 commons-lang-2.6.jar
 commons-logging-1.1.1.jar
 commons-math3-3.1.1.jar
@@ -78,7 +78,7 @@ hive-service-rpc-2.1.0.jar
 hive-storage-api-2.1.0.jar
 htrace-core-3.1.0-incubating.jar
 httpclient-4.5.13.jar
-httpcore-4.4.1.jar
+httpcore-4.4.15.jar
 httpmime-4.5.13.jar
 j2objc-annotations-1.1.jar
 jackson-annotations-2.10.5.jar