You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/09/19 23:57:42 UTC

[GitHub] [pulsar] merlimat opened a new pull request #5232: Upgrade dependencies for security fixes

merlimat opened a new pull request #5232: Upgrade dependencies for security fixes
URL: https://github.com/apache/pulsar/pull/5232
 
 
   ### Motivation
   
   Upgrade the version of several dependencies to include fixes for a series of vulnerabilities, as reported in #4057. 
   
   ### Modifications
   
    * Guava 21.0 -> 28.1
    * Commons Compress 1.15 -> 1.19
    * Jetty 9.4.12.v20180830 -> 9.4.20.v20190813
    * Netty 3.10.1.Final -> netty-3.10.6.Final (Netty 3.x is used by ZooKeeper)
   
   Pulsar SQL dependencies:
    * async-http-client 1.6.5 -> 1.9.40
    * Maven components 3.0.4 -> 3.6.2
   
   Note: jackson-databind was already upgraded in #5011
   
   
   Fix #4057

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services