You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by gi...@apache.org on 2021/12/10 09:25:03 UTC

[druid] branch 0.22.1 updated (f493892 -> ad1ee13)

This is an automated email from the ASF dual-hosted git repository.

gian pushed a change to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git.


    from f493892  Adjust hive-storage-api version.
     new eeee2a0  Adjust log4j version in licenses.yaml.
     new 5d1e705  Suppress jedis CVE; no worse than 0.22.0.
     new ad1ee13  Fix the travis build (#11799)

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .travis.yml                             | 2 +-
 licenses.yaml                           | 2 +-
 owasp-dependency-check-suppressions.xml | 8 ++++++++
 3 files changed, 10 insertions(+), 2 deletions(-)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[druid] 02/03: Suppress jedis CVE; no worse than 0.22.0.

Posted by gi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

gian pushed a commit to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git

commit 5d1e705b6e7cdf9225345838a7bfedf58ea67a2c
Author: Gian Merlino <gi...@imply.io>
AuthorDate: Fri Dec 10 01:02:26 2021 -0800

    Suppress jedis CVE; no worse than 0.22.0.
---
 owasp-dependency-check-suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index fac43ab..7ecfac0 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -402,4 +402,12 @@
      -->
     <cve>CVE-2021-40531</cve>
   </suppress>
+  <suppress>
+    <!-- Suppressed for 0.22.1 only -->
+    <notes><![CDATA[
+   file name: jedis
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/redis\.clients/jedis@2\.9\.0$</packageUrl>
+    <cve>CVE-2021-32626</cve>
+  </suppress>
 </suppressions>

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[druid] 01/03: Adjust log4j version in licenses.yaml.

Posted by gi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

gian pushed a commit to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git

commit eeee2a036eb74b234e37b68b97bb6e7ae022169e
Author: Gian Merlino <gi...@imply.io>
AuthorDate: Fri Dec 10 00:59:51 2021 -0800

    Adjust log4j version in licenses.yaml.
---
 licenses.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/licenses.yaml b/licenses.yaml
index 7e7042b..7bef0dbc 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1789,7 +1789,7 @@ name: Apache Log4j
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 2.8.2
+version: 2.15.0
 libraries:
   - org.apache.logging.log4j: log4j-1.2-api
   - org.apache.logging.log4j: log4j-api

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[druid] 03/03: Fix the travis build (#11799)

Posted by gi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

gian pushed a commit to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git

commit ad1ee1373fdf0840361532260b2cecf040ffd924
Author: Abhishek Agarwal <14...@users.noreply.github.com>
AuthorDate: Thu Oct 14 16:31:51 2021 +0530

    Fix the travis build (#11799)
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index dc995cd..bcf5015 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -94,7 +94,7 @@ jobs:
         - sudo apt-get update && sudo apt-get install python3 python3-pip python3-setuptools -y
         - ./check_test_suite.py && travis_terminate 0 || echo 'Continuing setup'
         - pip3 install wheel  # install wheel first explicitly
-        - pip3 install pyyaml
+        - pip3 install pyyaml==5.4.1
       script:
         - >
           ${MVN} apache-rat:check -Prat --fail-at-end

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org