Posted to commits@flink.apache.org by gy...@apache.org on 2022/07/25 15:43:56 UTC
[flink-kubernetes-operator] branch release-1.1 updated: [FLINK-28637] Set explicit version for okhttp to fix vulnerability
This is an automated email from the ASF dual-hosted git repository.
gyfora pushed a commit to branch release-1.1
in repository https://gitbox.apache.org/repos/asf/flink-kubernetes-operator.git
The following commit(s) were added to refs/heads/release-1.1 by this push:
new 651a165f [FLINK-28637] Set explicit version for okhttp to fix vulnerability
651a165f is described below
commit 651a165f542bb1a491e0e23fbd3ca98eccacde79
Author: Jeesmon Jacob <jj...@vmware.com>
AuthorDate: Fri Jul 22 12:34:39 2022 -0400
[FLINK-28637] Set explicit version for okhttp to fix vulnerability
Setting explicit version for okhttp until we can upgrade to
a new version of JOSDK with the fix.
Signed-off-by: Jeesmon Jacob <jj...@vmware.com>
---
flink-kubernetes-operator/pom.xml | 23 +++++++++++++++++++++++
flink-kubernetes-webhook/pom.xml | 23 +++++++++++++++++++++++
pom.xml | 2 ++
3 files changed, 48 insertions(+)
diff --git a/flink-kubernetes-operator/pom.xml b/flink-kubernetes-operator/pom.xml
index b8127cda..db797f3d 100644
--- a/flink-kubernetes-operator/pom.xml
+++ b/flink-kubernetes-operator/pom.xml
@@ -143,6 +143,29 @@ under the License.
<version>${junit.jupiter.version}</version>
<scope>test</scope>
</dependency>
+
+ <!-- okhttp -->
+ <!--
+ Regarding the okhttp explicit version
+ see https://github.com/fabric8io/kubernetes-client/issues/4290
+ and https://issues.apache.org/jira/browse/FLINK-28637
+ -->
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>okhttp</artifactId>
+ <version>${okhttp.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>logging-interceptor</artifactId>
+ <version>${okhttp.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>mockwebserver</artifactId>
+ <version>${okhttp.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
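Review bot: The comment above the three okhttp entries links the two issues but does not say that these declarations presumably override artifacts that are otherwise resolved transitively, nor when they can be deleted, so the pin is likely to outlive its reason; the identical block in flink-kubernetes-webhook/pom.xml has the same gap. I would extend the comment along the lines of `Overrides the okhttp version that is otherwise resolved transitively; remove once the upstream client ships ${okhttp.version} or newer`. Nothing in the change verifies what actually gets resolved, so it is worth confirming with `mvn dependency:tree -Dincludes=com.squareup.okhttp3` in both modules, and a maven-enforcer `bannedDependencies` rule would keep an older okhttp from returning unnoticed. The `<dependencies>` block starts outside the hunk.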
diff --git a/flink-kubernetes-webhook/pom.xml b/flink-kubernetes-webhook/pom.xml
index 853092dd..ae484e14 100644
--- a/flink-kubernetes-webhook/pom.xml
+++ b/flink-kubernetes-webhook/pom.xml
@@ -73,6 +73,29 @@ under the License.
<version>${flink.version}</version>
<scope>test</scope>
</dependency>
+
+ <!-- okhttp -->
+ <!--
+ Regarding the okhttp explicit version
+ see https://github.com/fabric8io/kubernetes-client/issues/4290
+ and https://issues.apache.org/jira/browse/FLINK-28637
+ -->
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>okhttp</artifactId>
+ <version>${okhttp.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>logging-interceptor</artifactId>
+ <version>${okhttp.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>mockwebserver</artifactId>
+ <version>${okhttp.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
diff --git a/pom.xml b/pom.xml
index b407119a..bcd11676 100644
--- a/pom.xml
+++ b/pom.xml
@@ -81,6 +81,8 @@ under the License.
<spotless.version>2.4.2</spotless.version>
<it.skip>true</it.skip>
+
+ <okhttp.version>4.10.0</okhttp.version>
</properties>
<dependencyManagement>
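Review bot: The new `okhttp.version` property is consumed only by direct dependencies declared in two module poms, so any other module that resolves okhttp transitively, now or later, would still get whatever version its upstream brings in. Managing the three artifacts in the `<dependencyManagement>` section that opens on the last context line would pin the version once for every module inheriting from this pom, and the per-module declarations could then drop their `<version>` elements. The section's contents lie outside the hunk, so I cannot tell whether it already holds a `<dependencies>` list the new entries should join.

```xml
<dependencyManagement>
    <dependencies>
        <!-- … unchanged: existing managed dependencies, if any … -->
        <!-- Pinned for FLINK-28637; also governs transitive resolution -->
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>okhttp</artifactId>
            <version>${okhttp.version}</version>
        </dependency>
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>logging-interceptor</artifactId>
            <version>${okhttp.version}</version>
        </dependency>
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>mockwebserver</artifactId>
            <version>${okhttp.version}</version>
        </dependency>
```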