You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by eo...@apache.org on 2021/04/18 10:52:36 UTC
[pulsar] branch master updated: Upgrade jclouds to 2.3.0 to fix
security vulnerabilities (#10149)
This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 756802d Upgrade jclouds to 2.3.0 to fix security vulnerabilities (#10149)
756802d is described below
commit 756802d3d4ebcc2c36f8ba5f8b050cad653a4cf0
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Sun Apr 18 13:51:49 2021 +0300
Upgrade jclouds to 2.3.0 to fix security vulnerabilities (#10149)
* Upgrade jclouds to 2.3.0 to fix security vulnerabilities
* Shade gson as part of jclouds-shaded
* Upgrade javax.annotation-api to 1.3.2
* Add javax.annotation:javax.annotation-api dependency
* Fix presto-distribution LICENSE
---
distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
jclouds-shaded/pom.xml | 20 +++++---------------
pom.xml | 4 ++--
pulsar-sql/presto-distribution/LICENSE | 1 -
4 files changed, 8 insertions(+), 19 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 81c547d..ae830a8 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -550,7 +550,7 @@ Protocol Buffers License
CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
* Java Annotations API
- - javax.annotation-javax.annotation-api-1.2.jar
+ - javax.annotation-javax.annotation-api-1.3.2.jar
- com.sun.activation-javax.activation-1.2.0.jar
- javax.xml.bind-jaxb-api-2.3.1.jar
* Java Servlet API -- javax.servlet-javax.servlet-api-3.1.0.jar
diff --git a/jclouds-shaded/pom.xml b/jclouds-shaded/pom.xml
index 5870686..11dff8a 100644
--- a/jclouds-shaded/pom.xml
+++ b/jclouds-shaded/pom.xml
@@ -39,19 +39,12 @@
<artifactId>jclouds-allblobstore</artifactId>
<version>${jclouds.version}</version>
</dependency>
+ <dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>javax.annotation-api</artifactId>
+ </dependency>
</dependencies>
- <dependencyManagement>
- <dependencies>
- <!-- JClouds still is using Guava 18.0 and it won't work with newer versions -->
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
-
<build>
<plugins>
<plugin>
@@ -79,6 +72,7 @@
<include>com.google.inject.extensions:guice-assistedinject</include>
<include>com.google.inject:guice</include>
<include>com.google.inject.extensions:guice-multibindings</include>
+ <include>com.google.code.gson:gson</include>
<include>javax.ws.rs:*</include>
<include>com.jamesmurty.utils:*</include>
<include>net.iharder:*</include>
@@ -91,10 +85,6 @@
<relocations>
<relocation>
- <pattern>com.google.gson.internal</pattern>
- <shadedPattern>org.jclouds.json.gson.internal</shadedPattern>
- </relocation>
- <relocation>
<pattern>com.google</pattern>
<shadedPattern>org.apache.pulsar.jcloud.shade.com.google</shadedPattern>
</relocation>
diff --git a/pom.xml b/pom.xml
index 209dcc1..cfc773a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,7 +142,7 @@ flexible messaging model and an intuitive client API.</description>
<aws-sdk.version>1.11.774</aws-sdk.version>
<avro.version>1.10.2</avro.version>
<joda.version>2.10.1</joda.version>
- <jclouds.version>2.2.1</jclouds.version>
+ <jclouds.version>2.3.0</jclouds.version>
<sqlite-jdbc.version>3.8.11.2</sqlite-jdbc.version>
<mysql-jdbc.version>8.0.11</mysql-jdbc.version>
<postgresql-jdbc.version>42.2.12</postgresql-jdbc.version>
@@ -181,7 +181,7 @@ flexible messaging model and an intuitive client API.</description>
<spark-streaming_2.10.version>2.1.0</spark-streaming_2.10.version>
<assertj-core.version>3.18.1</assertj-core.version>
<lombok.version>1.18.18</lombok.version>
- <javax.annotation-api.version>1.2</javax.annotation-api.version>
+ <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
<jaxb-api>2.3.1</jaxb-api>
<javax.activation.version>1.2.0</javax.activation.version>
<jna.version>4.2.0</jna.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 82b6f30..993261d 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -508,7 +508,6 @@ CDDL - 1.0
CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
* Java Annotations API
- - javax.annotation-api-1.2.jar
- javax.annotation-api-1.3.2.jar
- javax.activation-1.2.0.jar
- javax.activation-api-1.2.0.jar