You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by ch...@apache.org on 2019/01/09 10:02:20 UTC

[flink] branch release-1.7 updated: [FLINK-11207][build] Bump commons-compress to 1.18

This is an automated email from the ASF dual-hosted git repository.

chesnay pushed a commit to branch release-1.7
in repository https://gitbox.apache.org/repos/asf/flink.git


The following commit(s) were added to refs/heads/release-1.7 by this push:
     new d209ed3  [FLINK-11207][build] Bump commons-compress to 1.18
d209ed3 is described below

commit d209ed356978d04bc0bd426877fae20bfb455b8c
Author: Nico Kruber <ni...@gmail.com>
AuthorDate: Wed Jan 9 11:00:43 2019 +0100

    [FLINK-11207][build] Bump commons-compress to 1.18
    
    This addresses CVE-2018-11771.
---
 NOTICE-binary                                                       | 6 +++---
 flink-dist/src/main/resources/META-INF/NOTICE                       | 2 +-
 .../flink-swift-fs-hadoop/src/main/resources/META-INF/NOTICE        | 2 +-
 .../flink-shaded-hadoop2-uber/src/main/resources/META-INF/NOTICE    | 2 +-
 pom.xml                                                             | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/NOTICE-binary b/NOTICE-binary
index 0b10a27..2619dba 100644
--- a/NOTICE-binary
+++ b/NOTICE-binary
@@ -64,7 +64,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - commons-collections:commons-collections:3.2.2
 - commons-io:commons-io:2.4
 - org.apache.camel:camel-core:2.17.7
-- org.apache.commons:commons-compress:1.4.1
+- org.apache.commons:commons-compress:1.18
 - org.apache.commons:commons-lang3:3.3.2
 - org.apache.commons:commons-math3:3.5
 - org.javassist:javassist:3.19.0-GA
@@ -344,7 +344,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - org.apache.htrace:htrace-core4:4.0.1-incubating
 - org.apache.httpcomponents:httpclient:4.5.3
 - org.apache.httpcomponents:httpcore:4.4.6
-- org.apache.commons:commons-compress:1.4.1
+- org.apache.commons:commons-compress:1.18
 - org.apache.commons:commons-math3:3.5
 - commons-beanutils:commons-beanutils:1.8.3
 - commons-cli:commons-cli:1.3.1
@@ -2412,7 +2412,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - commons-logging:commons-logging:1.1.3
 - commons-net:commons-net:3.1
 - org.apache.avro:avro:1.8.2
-- org.apache.commons:commons-compress:1.4.1
+- org.apache.commons:commons-compress:1.18
 - org.apache.commons:commons-math3:3.5
 - org.apache.zookeeper:zookeeper:3.4.10
 - org.codehaus.jackson:jackson-core-asl:1.9.13
diff --git a/flink-dist/src/main/resources/META-INF/NOTICE b/flink-dist/src/main/resources/META-INF/NOTICE
index 7088b1a..442787a 100644
--- a/flink-dist/src/main/resources/META-INF/NOTICE
+++ b/flink-dist/src/main/resources/META-INF/NOTICE
@@ -20,7 +20,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - commons-collections:commons-collections:3.2.2
 - commons-io:commons-io:2.4
 - org.apache.camel:camel-core:2.17.7
-- org.apache.commons:commons-compress:1.4.1
+- org.apache.commons:commons-compress:1.18
 - org.apache.commons:commons-lang3:3.3.2
 - org.apache.commons:commons-math3:3.5
 - org.javassist:javassist:3.19.0-GA
diff --git a/flink-filesystems/flink-swift-fs-hadoop/src/main/resources/META-INF/NOTICE b/flink-filesystems/flink-swift-fs-hadoop/src/main/resources/META-INF/NOTICE
index 1d4bcc1..9f2c635 100644
--- a/flink-filesystems/flink-swift-fs-hadoop/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-swift-fs-hadoop/src/main/resources/META-INF/NOTICE
@@ -16,7 +16,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - org.apache.htrace:htrace-core4:4.0.1-incubating
 - org.apache.httpcomponents:httpclient:4.5.3
 - org.apache.httpcomponents:httpcore:4.4.6
-- org.apache.commons:commons-compress:1.4.1
+- org.apache.commons:commons-compress:1.18
 - org.apache.commons:commons-math3:3.5
 - commons-beanutils:commons-beanutils:1.8.3
 - commons-cli:commons-cli:1.3.1
diff --git a/flink-shaded-hadoop/flink-shaded-hadoop2-uber/src/main/resources/META-INF/NOTICE b/flink-shaded-hadoop/flink-shaded-hadoop2-uber/src/main/resources/META-INF/NOTICE
index ad28a9b..f6d007d 100644
--- a/flink-shaded-hadoop/flink-shaded-hadoop2-uber/src/main/resources/META-INF/NOTICE
+++ b/flink-shaded-hadoop/flink-shaded-hadoop2-uber/src/main/resources/META-INF/NOTICE
@@ -19,7 +19,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - commons-logging:commons-logging:1.1.3
 - commons-net:commons-net:3.1
 - org.apache.avro:avro:1.8.2
-- org.apache.commons:commons-compress:1.4.1
+- org.apache.commons:commons-compress:1.18
 - org.apache.commons:commons-math3:3.5
 - org.apache.zookeeper:zookeeper:3.4.10
 - org.codehaus.jackson:jackson-core-asl:1.9.13
diff --git a/pom.xml b/pom.xml
index f3fa414..b6e346a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -429,7 +429,7 @@ under the License.
 			<dependency>
 				<groupId>org.apache.commons</groupId>
 				<artifactId>commons-compress</artifactId>
-				<version>1.4.1</version>
+				<version>1.18</version>
 			</dependency>
 
 			<!-- Managed dependency required for HBase in flink-hbase -->