Posted to commits@flink.apache.org by gy...@apache.org on 2022/07/25 15:43:16 UTC

[flink-kubernetes-operator] branch main updated: [FLINK-28637] Set explicit version for okhttp to fix vulnerability

This is an automated email from the ASF dual-hosted git repository.

gyfora pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/flink-kubernetes-operator.git


The following commit(s) were added to refs/heads/main by this push:
     new f8f8b962 [FLINK-28637] Set explicit version for okhttp to fix vulnerability
f8f8b962 is described below

commit f8f8b96273eae68b10bb24eff01c5d44db5b10f0
Author: Jeesmon Jacob <jj...@vmware.com>
AuthorDate: Fri Jul 22 12:11:43 2022 -0400

    [FLINK-28637] Set explicit version for okhttp to fix vulnerability
    
    Set an explicit version for okhttp until we can upgrade to a
    new version of JOSDK that includes the fix.
    
    Signed-off-by: Jeesmon Jacob <jj...@vmware.com>
---
 flink-kubernetes-operator/pom.xml   | 23 +++++++++++++++++++++++
 flink-kubernetes-standalone/pom.xml | 23 +++++++++++++++++++++++
 flink-kubernetes-webhook/pom.xml    | 23 +++++++++++++++++++++++
 pom.xml                             |  1 +
 4 files changed, 70 insertions(+)

diff --git a/flink-kubernetes-operator/pom.xml b/flink-kubernetes-operator/pom.xml
index cc1bef15..d2577b15 100644
--- a/flink-kubernetes-operator/pom.xml
+++ b/flink-kubernetes-operator/pom.xml
@@ -143,6 +143,29 @@ under the License.
             <version>${junit.jupiter.version}</version>
             <scope>test</scope>
         </dependency>
+
+        <!-- okhttp -->
+        <!--
+            Regarding the okhttp explicit version
+            see https://github.com/fabric8io/kubernetes-client/issues/4290
+            and https://issues.apache.org/jira/browse/FLINK-28637
+            -->
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp</artifactId>
+            <version>${okhttp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>logging-interceptor</artifactId>
+            <version>${okhttp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>mockwebserver</artifactId>
+            <version>${okhttp.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
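Review bot: The comment above the three new okhttp entries only links to two trackers; it does not say that the entries exist to override the okhttp version that arrives transitively (presumably through the fabric8 Kubernetes client), nor when they can be deleted. Without that, a later dependency cleanup can drop them as unused direct dependencies and quietly bring the affected version back. I would merge the two comments into one, for example `<!-- Security pin (FLINK-28637, fabric8io/kubernetes-client#4290): overrides the transitive okhttp version; remove once the client/JOSDK upgrade ships a fixed okhttp -->`. The same comment block is repeated in flink-kubernetes-standalone/pom.xml and flink-kubernetes-webhook/pom.xml and needs the same wording.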
diff --git a/flink-kubernetes-standalone/pom.xml b/flink-kubernetes-standalone/pom.xml
index 6125efe3..0b31f41e 100644
--- a/flink-kubernetes-standalone/pom.xml
+++ b/flink-kubernetes-standalone/pom.xml
@@ -79,5 +79,28 @@ under the License.
             <version>${fabric8.version}</version>
             <scope>test</scope>
         </dependency>
+
+        <!-- okhttp -->
+        <!--
+            Regarding the okhttp explicit version
+            see https://github.com/fabric8io/kubernetes-client/issues/4290
+            and https://issues.apache.org/jira/browse/FLINK-28637
+            -->
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp</artifactId>
+            <version>${okhttp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>logging-interceptor</artifactId>
+            <version>${okhttp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>mockwebserver</artifactId>
+            <version>${okhttp.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>
diff --git a/flink-kubernetes-webhook/pom.xml b/flink-kubernetes-webhook/pom.xml
index 55e0cdfa..608c4123 100644
--- a/flink-kubernetes-webhook/pom.xml
+++ b/flink-kubernetes-webhook/pom.xml
@@ -73,6 +73,29 @@ under the License.
             <version>${flink.version}</version>
             <scope>test</scope>
         </dependency>
+
+        <!-- okhttp -->
+        <!--
+            Regarding the okhttp explicit version
+            see https://github.com/fabric8io/kubernetes-client/issues/4290
+            and https://issues.apache.org/jira/browse/FLINK-28637
+            -->
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp</artifactId>
+            <version>${okhttp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>logging-interceptor</artifactId>
+            <version>${okhttp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>mockwebserver</artifactId>
+            <version>${okhttp.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/pom.xml b/pom.xml
index 6eddd541..26ed748b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -85,6 +85,7 @@ under the License.
 
         <hamcrest.version>1.3</hamcrest.version>
 
+        <okhttp.version>4.10.0</okhttp.version>
     </properties>
 
     <dependencyManagement>
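Review bot: The `okhttp.version` pin only takes effect in the three modules that copy the dependency block, so a module added later, or one that reaches okhttp only transitively, still resolves whatever version its dependencies request. Managing the three artifacts in the `<dependencyManagement>` section that opens on the last line of this hunk (its body is outside the hunk) would apply the version to direct and transitive resolution in every module, and the per-module blocks could then be dropped or left versionless. A maven-enforcer `bannedDependencies` rule for older okhttp versions would additionally fail the build if the pin is ever bypassed.

```xml
    <dependencyManagement>
        <dependencies>
            <!-- … unchanged: any existing managed dependencies … -->

            <!-- Security pin (FLINK-28637): forces the okhttp version for direct and transitive use -->
            <dependency>
                <groupId>com.squareup.okhttp3</groupId>
                <artifactId>okhttp</artifactId>
                <version>${okhttp.version}</version>
            </dependency>
            <dependency>
                <groupId>com.squareup.okhttp3</groupId>
                <artifactId>logging-interceptor</artifactId>
                <version>${okhttp.version}</version>
            </dependency>
            <dependency>
                <groupId>com.squareup.okhttp3</groupId>
                <artifactId>mockwebserver</artifactId>
                <version>${okhttp.version}</version>
            </dependency>
```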