Posted to notifications@skywalking.apache.org by wu...@apache.org on 2022/11/11 07:56:45 UTC

[skywalking] branch master updated: Bump up Kafka client to 2.8.1 to fix CVE-2021-38153. (#9949)

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new 671cb02982 Bump up Kafka client to 2.8.1 to fix CVE-2021-38153. (#9949)
671cb02982 is described below

commit 671cb029823dd1a5b8aafce0a21819a515e9fa54
Author: 吴晟 Wu Sheng <wu...@foxmail.com>
AuthorDate: Fri Nov 11 15:56:39 2022 +0800

    Bump up Kafka client to 2.8.1 to fix CVE-2021-38153. (#9949)
---
 dist-material/release-docs/LICENSE | 22 +++++++++++-----------
 docs/en/changes/changes.md         |  3 ++-
 oap-server-bom/pom.xml             |  2 +-
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 6bb498a288..445941f2c1 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -355,6 +355,7 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.13 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore-nio/4.4.13 Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.8.1 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.17.1 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.1 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1 Apache-2.0
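Review bot: the added kafka-clients/2.8.1 line records the artifact as plain Apache-2.0, whereas the 2.4.1 entry removed further down in this file was listed as "Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause". Please confirm that the single-license classification is correct for 2.8.1 and not a side effect of how the file was regenerated, and say so in the commit message, since this is a licensing change riding along with a security bump.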
@@ -378,30 +379,21 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-jdk8/1.6.4 Apache-2.0
     https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-reactive/1.6.4 Apache-2.0
     https://mvnrepository.com/artifact/org.jetbrains/annotations/13.0 Apache-2.0
-    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.6.0 Apache-2.0
+    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.7.1 Apache-2.0
     https://mvnrepository.com/artifact/org.mvel/mvel2/2.4.8.Final Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/jcl-over-slf4j/1.7.30 Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/log4j-over-slf4j/1.7.30 Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/slf4j-api/1.7.30 Apache-2.0
-    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.7.3 Apache-2.0
+    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.8.1 Apache-2.0
     https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.33 Apache-2.0
     https://npmjs.com/package/typescript/v/4.4.4 4.4.4 Apache-2.0
 
-========================================================================
-Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause licenses
-========================================================================
-The following components are provided under the Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause License. See project link for details.
-The text of each license is also included in licenses/LICENSE-[project].txt.
-
-    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.4.1 Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause
-
 ========================================================================
 BSD-2-Clause licenses
 ========================================================================
 The following components are provided under the BSD-2-Clause License. See project link for details.
 The text of each license is also included in licenses/LICENSE-[project].txt.
 
-    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.3-1 BSD-2-Clause
     https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.1 BSD-2-Clause
 
 ========================================================================
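Review bot: the removed multi-license section stated that license texts are shipped in licenses/LICENSE-[project].txt, but the diffstat for this commit lists only three files and none of them is under licenses/. If a per-project license text exists for kafka-clients (or for zstd-jni, whose entry also moves out of the BSD-2-Clause section here), it is now either orphaned or no longer referenced by the right section; check and clean up in the same change.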
@@ -629,6 +621,14 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
 
     https://mvnrepository.com/artifact/com.google.re2j/re2j/1.5 https://golang.org/LICENSE
 
+========================================================================
+https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License licenses
+========================================================================
+The following components are provided under the https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License License. See project link for details.
+The text of each license is also included in licenses/LICENSE-[project].txt.
+
+    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.9-1 https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License
+
 ========================================================================
 https://spdx.org/licenses/MIT-0.html licenses
 ========================================================================
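Review bot: the new section heading and the zstd-jni/1.4.9-1 entry use the raw string "https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License" as the license name, which yields the heading "... License licenses" and the sentence "... License License". This is un-normalized metadata leaking into the release LICENSE. The file already has a "BSD-2-Clause licenses" section, where zstd-jni/1.4.3-1 was listed before this commit; put the 1.4.9-1 entry there with the identifier BSD-2-Clause and drop this new section.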
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 7fea9928d8..606121aca5 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -105,7 +105,8 @@
 * Support span attached event concept in Zipkin and SkyWalking trace query.
 * Support span attached events on Zipkin lens UI.
 * Force UTF-8 encoding in `JsonLogHandler` of `kafka-fetcher-plugin`.
-* Fix max length to 512 of entity, instance and endpoint IDs in trace, log, profiling, topN tables(JDBC storages). The value was 200 by default. 
+* Fix max length to 512 of entity, instance and endpoint IDs in trace, log, profiling, topN tables(JDBC storages). The value was 200 by default.
+* Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.
 
 #### UI
 
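Review bot: the new changelog line names only the Kafka client, but the LICENSE changes in this same commit show lz4-java going to 1.7.1, snappy-java to 1.1.8.1 and zstd-jni to 1.4.9-1 as a consequence. Listing those transitive version changes next to the "Bump up Kafka client to 2.8.1" entry would let users auditing dependencies see the full effect of the upgrade. The edit to the preceding line only strips a trailing space; that is harmless, but it is unrelated noise in a security fix.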
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 67334bcfc5..1d30803b04 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -74,7 +74,7 @@
         <httpcore.version>4.4.13</httpcore.version>
         <commons-compress.version>1.21</commons-compress.version>
         <banyandb-java-client.version>0.2.0</banyandb-java-client.version>
-        <kafka-clients.version>2.4.1</kafka-clients.version>
+        <kafka-clients.version>2.8.1</kafka-clients.version>
         <spring-kafka-test.version>2.4.6.RELEASE</spring-kafka-test.version>
     </properties>
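Review bot: kafka-clients.version moves to 2.8.1 while spring-kafka-test.version on the next line stays at 2.4.6.RELEASE. Please confirm that the test dependency does not pull an older kafka-clients onto the test classpath or override the managed version, so that the tests exercise the same 2.8.1 client that ships; if it does, bump or exclude it in this change.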