You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@linkis.apache.org by pe...@apache.org on 2022/04/15 07:45:55 UTC
[incubator-linkis] branch dev-1.1.2 updated: [Feature][1.1.2] upgrade protobuf-java due to security vulnerabilities #1827 (#1974)
This is an automated email from the ASF dual-hosted git repository.
peacewong pushed a commit to branch dev-1.1.2
in repository https://gitbox.apache.org/repos/asf/incubator-linkis.git
The following commit(s) were added to refs/heads/dev-1.1.2 by this push:
new 06264e58b [Feature][1.1.2] upgrade protobuf-java due to security vulnerabilities #1827 (#1974)
06264e58b is described below
commit 06264e58bb966d70d4a6be3eee32df43a6af55d3
Author: huapan123456 <11...@qq.com>
AuthorDate: Fri Apr 15 15:45:51 2022 +0800
[Feature][1.1.2] upgrade protobuf-java due to security vulnerabilities #1827 (#1974)
Co-authored-by: huapan@52tt.com <huapan123456>
---
.../public-module-combined/pom.xml | 11 +++++++++
linkis-commons/linkis-hadoop-common/pom.xml | 4 ++++
linkis-commons/linkis-storage/pom.xml | 12 ++++++++++
.../engineconn-plugins/flink/pom.xml | 26 ++++++++++++++++++++++
.../engineconn-plugins/spark/pom.xml | 20 +++++++++++++++--
5 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/assembly-combined-package/assembly-combined/public-module-combined/pom.xml b/assembly-combined-package/assembly-combined/public-module-combined/pom.xml
index 816b92aed..ed4e53e10 100644
--- a/assembly-combined-package/assembly-combined/public-module-combined/pom.xml
+++ b/assembly-combined-package/assembly-combined/public-module-combined/pom.xml
@@ -109,8 +109,19 @@
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
+
+ <dependency>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ <version>${protobuf.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
diff --git a/linkis-commons/linkis-hadoop-common/pom.xml b/linkis-commons/linkis-hadoop-common/pom.xml
index 85f6abcec..4000adf06 100644
--- a/linkis-commons/linkis-hadoop-common/pom.xml
+++ b/linkis-commons/linkis-hadoop-common/pom.xml
@@ -223,6 +223,10 @@
<groupId>org.mortbay.jetty</groupId>
<artifactId>jetty-util</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/linkis-commons/linkis-storage/pom.xml b/linkis-commons/linkis-storage/pom.xml
index c907b3979..e61e287c2 100644
--- a/linkis-commons/linkis-storage/pom.xml
+++ b/linkis-commons/linkis-storage/pom.xml
@@ -43,6 +43,18 @@
<groupId>org.apache.linkis</groupId>
<artifactId>linkis-hadoop-common</artifactId>
<version>${linkis.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ <version>${protobuf.version}</version>
</dependency>
<dependency>
diff --git a/linkis-engineconn-plugins/engineconn-plugins/flink/pom.xml b/linkis-engineconn-plugins/engineconn-plugins/flink/pom.xml
index 1ec7c68ec..4d754d55c 100644
--- a/linkis-engineconn-plugins/engineconn-plugins/flink/pom.xml
+++ b/linkis-engineconn-plugins/engineconn-plugins/flink/pom.xml
@@ -268,6 +268,10 @@
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
@@ -280,6 +284,10 @@
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
@@ -325,6 +333,10 @@
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
@@ -341,6 +353,10 @@
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
@@ -393,10 +409,20 @@
<groupId>org.json4s</groupId>
<artifactId>json4s-jackson_${scala.binary.version}</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ <version>${protobuf.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-exec</artifactId>
diff --git a/linkis-engineconn-plugins/engineconn-plugins/spark/pom.xml b/linkis-engineconn-plugins/engineconn-plugins/spark/pom.xml
index a11ca5235..dc940d18c 100644
--- a/linkis-engineconn-plugins/engineconn-plugins/spark/pom.xml
+++ b/linkis-engineconn-plugins/engineconn-plugins/spark/pom.xml
@@ -15,7 +15,7 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-
+
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -125,10 +125,18 @@
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
</exclusion>
-
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ <version>${protobuf.version}</version>
+ </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
@@ -252,6 +260,10 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
@@ -290,6 +302,10 @@
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>protobuf-java</artifactId>
+ <groupId>com.google.protobuf</groupId>
+ </exclusion>
</exclusions>
</dependency>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@linkis.apache.org
For additional commands, e-mail: commits-help@linkis.apache.org