You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bookkeeper.apache.org by yo...@apache.org on 2021/10/26 01:18:06 UTC

[bookkeeper] 03/11: Upgrade httpclient from 4.5.5 to 4.5.13 (#2793)

This is an automated email from the ASF dual-hosted git repository.

yong pushed a commit to branch branch-4.14
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git

commit 356fe037d6674f38f5b46f6f7733d4e460c80f7e
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Fri Oct 15 02:10:41 2021 +0200

    Upgrade httpclient from 4.5.5 to 4.5.13 (#2793)
    
    Upgrade httpclient from 4.5.5 to 4.5.13
    (on gradle dependencies it was already on 4.5.13)
    
    ### Motivation
    Resolve security vulnerability, see https://github.com/advisories/GHSA-7r82-7xv7-xcpj
    
    (cherry picked from commit 04650521b3a91e03cf598a647ecd58df106d081b)
---
 bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt    | 4 ++--
 bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt  | 4 ++--
 bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 4 ++--
 pom.xml                                                   | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 73b6c3a..1100a4f 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -285,8 +285,8 @@ Apache Software License, Version 2.
 - lib/com.google.errorprone-error_prone_annotations-2.4.0.jar [36]
 - lib/org.apache.yetus-audience-annotations-0.5.0.jar [37]
 - lib/org.jctools-jctools-core-2.1.2.jar [38]
-- lib/org.apache.httpcomponents-httpclient-4.5.5.jar [39]
-- lib/org.apache.httpcomponents-httpcore-4.4.9.jar [40]
+- lib/org.apache.httpcomponents-httpclient-4.5.13.jar [39]
+- lib/org.apache.httpcomponents-httpcore-4.4.13.jar [40]
 - lib/org.apache.thrift-libthrift-0.14.2.jar [41]
 - lib/com.google.android-annotations-4.1.1.4.jar [42]
 - lib/com.google.http-client-google-http-client-1.34.0.jar [43]
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 4ace15e..5a89cab 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -265,8 +265,8 @@ Apache Software License, Version 2.
 - lib/com.google.errorprone-error_prone_annotations-2.4.0.jar [35]
 - lib/org.apache.yetus-audience-annotations-0.5.0.jar [36]
 - lib/org.jctools-jctools-core-2.1.2.jar [37]
-- lib/org.apache.httpcomponents-httpclient-4.5.5.jar [38]
-- lib/org.apache.httpcomponents-httpcore-4.4.9.jar [39]
+- lib/org.apache.httpcomponents-httpclient-4.5.13.jar [38]
+- lib/org.apache.httpcomponents-httpcore-4.4.13.jar [39]
 - lib/org.apache.thrift-libthrift-0.14.2.jar [40]
 - lib/com.google.android-annotations-4.1.1.4.jar [41]
 - lib/com.google.auto.value-auto-value-annotations-1.7.jar [42]
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 126a1b2..e2474f7 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -285,8 +285,8 @@ Apache Software License, Version 2.
 - lib/com.google.errorprone-error_prone_annotations-2.4.0.jar [36]
 - lib/org.apache.yetus-audience-annotations-0.5.0.jar [37]
 - lib/org.jctools-jctools-core-2.1.2.jar [38]
-- lib/org.apache.httpcomponents-httpclient-4.5.5.jar [39]
-- lib/org.apache.httpcomponents-httpcore-4.4.9.jar [40]
+- lib/org.apache.httpcomponents-httpclient-4.5.13.jar [39]
+- lib/org.apache.httpcomponents-httpcore-4.4.13.jar [40]
 - lib/org.apache.thrift-libthrift-0.14.2.jar [41]
 - lib/com.google.android-annotations-4.1.1.4.jar [42]
 - lib/com.google.http-client-google-http-client-1.34.0.jar [43]
diff --git a/pom.xml b/pom.xml
index 003c31e..de52ae6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -153,7 +153,7 @@
     <powermock.version>2.0.2</powermock.version>
     <prometheus.version>0.8.1</prometheus.version>
     <datasketches.version>0.8.3</datasketches.version>
-    <httpclient.version>4.5.5</httpclient.version>
+    <httpclient.version>4.5.13</httpclient.version>
     <protobuf.version>3.14.0</protobuf.version>
     <protoc3.version>3.14.0</protoc3.version>
     <protoc-gen-grpc-java.version>${grpc.version}</protoc-gen-grpc-java.version>