You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2018/10/30 06:26:05 UTC
[GitHub] merlimat closed pull request #2886: Upgrade commons-collections for
Security Vulnerabilities[CVE-2015-7501]
merlimat closed pull request #2886: Upgrade commons-collections for Security Vulnerabilities[CVE-2015-7501]
URL: https://github.com/apache/pulsar/pull/2886
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 1a3774c1fa..fcaf1ed767 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -339,7 +339,7 @@ The Apache Software License, Version 2.0
- commons-beanutils-commons-beanutils-core-1.8.0.jar
- commons-cli-commons-cli-1.2.jar
- commons-codec-commons-codec-1.10.jar
- - commons-collections-commons-collections-3.2.1.jar
+ - commons-collections-commons-collections-3.2.2.jar
- commons-configuration-commons-configuration-1.6.jar
- commons-digester-commons-digester-1.8.jar
- commons-io-commons-io-2.5.jar
diff --git a/pom.xml b/pom.xml
index ef870ab4e4..fb8a3bdc80 100644
--- a/pom.xml
+++ b/pom.xml
@@ -152,6 +152,7 @@ flexible messaging model and an intuitive client API.</description>
<aspectj.version>1.9.1</aspectj.version>
<rocksdb.version>5.13.3</rocksdb.version>
<slf4j.version>1.7.25</slf4j.version>
+ <commons.collections.version>3.2.2</commons.collections.version>
<log4j2.version>2.10.0</log4j2.version>
<bouncycastle.version>1.55</bouncycastle.version>
<jackson.version>2.8.4</jackson.version>
@@ -813,6 +814,12 @@ flexible messaging model and an intuitive client API.</description>
</exclusion>
</exclusions>
</dependency>
+
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>${commons.collections.version}</version>
+ </dependency>
<dependency>
<groupId>org.apache.jclouds</groupId>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 92ddc60581..9e5e9feff2 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -243,7 +243,7 @@ The Apache Software License, Version 2.0
- commons-compress-1.15.jar
- commons-lang3-3.3.2.jar
- commons-lang3-3.4.jar
- - commons-collections-3.2.1.jar
+ - commons-collections-3.2.2.jar
- commons-configuration-1.6.jar
- commons-digester-1.8.jar
- commons-lang-2.4.jar
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services