Posted to commits@pulsar.apache.org by xi...@apache.org on 2024/01/11 12:08:18 UTC

(pulsar) branch branch-2.11 updated (036f7918a71 -> 1facababe9d)

This is an automated email from the ASF dual-hosted git repository.

xiangying pushed a change to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git


    from 036f7918a71 [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 (#21397)
     new 199c65e03d2 [fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)
     new 1facababe9d [fix][sec] Bump avro version to 1.11.3 for CVE-2023-39410 (#21341)

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 distribution/server/src/assemble/LICENSE.bin.txt   | 40 +++++++++++-----------
 pom.xml                                            |  6 ++--
 .../SchemaCompatibilityCheckTest.java              |  2 +-
 .../client/impl/schema/ProtobufSchemaTest.java     |  6 ++--
 pulsar-sql/presto-distribution/LICENSE             | 24 ++++++-------
 5 files changed, 39 insertions(+), 39 deletions(-)


(pulsar) 01/02: [fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)

Posted by xi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

xiangying pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 199c65e03d23c39a0aec92aa887942d36101089f
Author: Qiang Zhao <ma...@apache.org>
AuthorDate: Tue Aug 29 19:15:03 2023 +0800

    [fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)
    
    (cherry picked from commit 6ff83b6f8ab34bcb9045a2c249c8b14608dd965d)
    (cherry picked from commit 969b0084bfa06f4f67e4ab399312cf64b1f46715)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 36 ++++++++++++------------
 pom.xml                                          |  4 +--
 pulsar-sql/presto-distribution/LICENSE           | 20 ++++++-------
 3 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 3d9c943f0bb..6b836b8e12a 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -322,7 +322,7 @@ The Apache Software License, Version 2.0
      - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.14.2.jar
  * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
  * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
- * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.0.1.jar
+ * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.9.0.jar
  * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.3.jar
  * Gson
     - com.google.code.gson-gson-2.8.9.jar
@@ -470,24 +470,24 @@ The Apache Software License, Version 2.0
      - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.8.20.jar
      - org.jetbrains-annotations-13.0.jar
  * gRPC
-    - io.grpc-grpc-all-1.45.1.jar
-    - io.grpc-grpc-auth-1.45.1.jar
-    - io.grpc-grpc-context-1.45.1.jar
-    - io.grpc-grpc-core-1.45.1.jar
-    - io.grpc-grpc-netty-1.45.1.jar
-    - io.grpc-grpc-protobuf-1.45.1.jar
-    - io.grpc-grpc-protobuf-lite-1.45.1.jar
-    - io.grpc-grpc-stub-1.45.1.jar
-    - io.grpc-grpc-alts-1.45.1.jar
-    - io.grpc-grpc-api-1.45.1.jar
-    - io.grpc-grpc-grpclb-1.45.1.jar
-    - io.grpc-grpc-netty-shaded-1.45.1.jar
-    - io.grpc-grpc-services-1.45.1.jar
-    - io.grpc-grpc-xds-1.45.1.jar
-    - io.grpc-grpc-rls-1.45.1.jar
+    - io.grpc-grpc-all-1.55.3.jar
+    - io.grpc-grpc-auth-1.55.3.jar
+    - io.grpc-grpc-context-1.55.3.jar
+    - io.grpc-grpc-core-1.55.3.jar
+    - io.grpc-grpc-netty-1.55.3.jar
+    - io.grpc-grpc-protobuf-1.55.3.jar
+    - io.grpc-grpc-protobuf-lite-1.55.3.jar
+    - io.grpc-grpc-stub-1.55.3.jar
+    - io.grpc-grpc-alts-1.55.3.jar
+    - io.grpc-grpc-api-1.55.3.jar
+    - io.grpc-grpc-grpclb-1.55.3.jar
+    - io.grpc-grpc-netty-shaded-1.55.3.jar
+    - io.grpc-grpc-services-1.55.3.jar
+    - io.grpc-grpc-xds-1.55.3.jar
+    - io.grpc-grpc-rls-1.55.3.jar
     - com.google.auto.service-auto-service-annotations-1.0.jar
   * Perfmark
-    - io.perfmark-perfmark-api-0.19.0.jar
+    - io.perfmark-perfmark-api-0.26.0.jar
   * OpenCensus
     - io.opencensus-opencensus-api-0.28.0.jar
     - io.opencensus-opencensus-contrib-http-util-0.28.0.jar
@@ -537,7 +537,7 @@ The Apache Software License, Version 2.0
     - com.google.http-client-google-http-client-gson-1.41.0.jar
     - com.google.http-client-google-http-client-1.41.0.jar
     - com.google.auto.value-auto-value-annotations-1.9.jar
-    - com.google.re2j-re2j-1.5.jar
+    - com.google.re2j-re2j-1.6.jar
   * Jetcd
     - io.etcd-jetcd-common-0.5.11.jar
     - io.etcd-jetcd-core-0.5.11.jar
diff --git a/pom.xml b/pom.xml
index 4e3de5b9020..7ceb7a87ca7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -145,9 +145,9 @@ flexible messaging model and an intuitive client API.</description>
     <typetools.version>0.5.0</typetools.version>
     <protobuf3.version>3.19.6</protobuf3.version>
     <protoc3.version>${protobuf3.version}</protoc3.version>
-    <grpc.version>1.45.1</grpc.version>
+    <grpc.version>1.55.3</grpc.version>
     <google-http-client.version>1.41.0</google-http-client.version>
-    <perfmark.version>0.19.0</perfmark.version>
+    <perfmark.version>0.26.0</perfmark.version>
     <protoc-gen-grpc-java.version>${grpc.version}</protoc-gen-grpc-java.version>
     <gson.version>2.8.9</gson.version>
     <system-lambda.version>1.2.1</system-lambda.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 0de630db167..e705cd13d02 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -258,14 +258,14 @@ The Apache Software License, Version 2.0
     - netty-transport-native-unix-common-4.1.100.Final-linux-x86_64.jar
     - netty-codec-http2-4.1.100.Final.jar
  * GRPC
-    - grpc-api-1.45.1.jar
-    - grpc-context-1.45.1.jar
-    - grpc-core-1.45.1.jar
-    - grpc-grpclb-1.45.1.jar
-    - grpc-netty-1.45.1.jar
-    - grpc-protobuf-1.45.1.jar
-    - grpc-protobuf-lite-1.45.1.jar
-    - grpc-stub-1.45.1.jar
+    - grpc-api-1.55.3.jar
+    - grpc-context-1.55.3.jar
+    - grpc-core-1.55.3.jar
+    - grpc-grpclb-1.55.3.jar
+    - grpc-netty-1.55.3.jar
+    - grpc-protobuf-1.55.3.jar
+    - grpc-protobuf-lite-1.55.3.jar
+    - grpc-stub-1.55.3.jar
   * JEtcd
     - jetcd-common-0.5.11.jar
     - jetcd-core-0.5.11.jar
@@ -486,7 +486,7 @@ The Apache Software License, Version 2.0
   * Swagger
     - swagger-annotations-1.6.10.jar
   * Perfmark
-    - perfmark-api-0.19.0.jar
+    - perfmark-api-0.26.0.jar
   * Annotations
     - auto-service-annotations-1.0.jar
   * AMQP
@@ -496,7 +496,7 @@ Protocol Buffers License
  * Protocol Buffers
    - protobuf-java-3.19.6.jar
    - protobuf-java-util-3.19.6.jar
-   - proto-google-common-protos-2.0.1.jar
+   - proto-google-common-protos-2.9.0.jar
 
 BSD 3-clause "New" or "Revised" License
   *  RE2J TD -- re2j-td-1.4.jar


(pulsar) 02/02: [fix][sec] Bump avro version to 1.11.3 for CVE-2023-39410 (#21341)

Posted by xi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

xiangying pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 1facababe9de9d1d9907825aba131bc9f94a6015
Author: tison <wa...@gmail.com>
AuthorDate: Tue Oct 17 09:38:02 2023 +0800

    [fix][sec] Bump avro version to 1.11.3 for CVE-2023-39410 (#21341)
    
    Signed-off-by: tison <wa...@gmail.com>
    (cherry picked from commit f5222d6b1f64d14029f8fef3e0108cf74ffefded)
    (cherry picked from commit 5f282575401948fedd18e8438627b806112736b0)
---
 distribution/server/src/assemble/LICENSE.bin.txt                    | 4 ++--
 pom.xml                                                             | 2 +-
 .../pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java   | 2 +-
 .../org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java    | 6 +++---
 pulsar-sql/presto-distribution/LICENSE                              | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 6b836b8e12a..4c94adc056a 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -496,8 +496,8 @@ The Apache Software License, Version 2.0
     - net.jodah-typetools-0.5.0.jar
     - net.jodah-failsafe-2.4.4.jar
   * Apache Avro
-    - org.apache.avro-avro-1.10.2.jar
-    - org.apache.avro-avro-protobuf-1.10.2.jar
+    - org.apache.avro-avro-1.11.3.jar
+    - org.apache.avro-avro-protobuf-1.11.3.jar
   * Apache Curator
     - org.apache.curator-curator-client-5.1.0.jar
     - org.apache.curator-curator-framework-5.1.0.jar
diff --git a/pom.xml b/pom.xml
index 7ceb7a87ca7..abf70651f5b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,7 +158,7 @@ flexible messaging model and an intuitive client API.</description>
     <kafka-client.version>2.7.2</kafka-client.version>
     <rabbitmq-client.version>5.5.3</rabbitmq-client.version>
     <aws-sdk.version>1.12.262</aws-sdk.version>
-    <avro.version>1.10.2</avro.version>
+    <avro.version>1.11.3</avro.version>
     <joda.version>2.10.5</joda.version>
     <jclouds.version>2.5.0</jclouds.version>
     <guice.version>5.1.0</guice.version>
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java
index 1167eff2ab0..61157b5582f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java
@@ -407,7 +407,7 @@ public class SchemaCompatibilityCheckTest extends MockedPulsarServiceBaseTest {
         assertEquals(admin.namespaces().getSchemaCompatibilityStrategy(namespaceName.toString()),
                 SchemaCompatibilityStrategy.UNDEFINED);
         byte[] changeSchemaBytes = (new String(Schema.AVRO(Schemas.PersonOne.class)
-                .getSchemaInfo().getSchema(), UTF_8) + "/n   /n   /n").getBytes();
+                .getSchemaInfo().getSchema(), UTF_8) + "\n   \n   \n").getBytes();
         SchemaInfo schemaInfo = SchemaInfo.builder().type(SchemaType.AVRO).schema(changeSchemaBytes).build();
         admin.schemas().createSchema(fqtn, schemaInfo);
 
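Review bot: The changed line still calls `getBytes()` with no charset, so the schema text is decoded as UTF_8 but re-encoded with the platform default, which on JVMs before 18 depends on the host locale. Passing the same charset keeps the round trip exact: `.getSchemaInfo().getSchema(), UTF_8) + "\n   \n   \n").getBytes(UTF_8);`. A one-line comment above `changeSchemaBytes` would also help, for example `// append whitespace-only padding: bytes differ, schema meaning does not`. The literal `/n` presumably had to become a real newline because the upgraded Avro parser rejects trailing non-whitespace, but the hunk does not show that. The test method starts and ends outside this hunk.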
diff --git a/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java b/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
index 7f3eed12f31..06a35234ee9 100644
--- a/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
+++ b/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
@@ -41,20 +41,20 @@ public class ProtobufSchemaTest {
             "\"namespace\":\"org.apache.pulsar.client.schema.proto.Test\"," +
             "\"fields\":[{\"name\":\"stringField\",\"type\":{\"type\":\"string\"," +
             "\"avro.java.string\":\"String\"},\"default\":\"\"},{\"name\":\"doubleField\"," +
-            "\"type\":\"double\",\"default\":0},{\"name\":\"intField\",\"type\":\"int\"," +
+            "\"type\":\"double\",\"default\":0.0},{\"name\":\"intField\",\"type\":\"int\"," +
             "\"default\":0},{\"name\":\"testEnum\",\"type\":{\"type\":\"enum\"," +
             "\"name\":\"TestEnum\",\"symbols\":[\"SHARED\",\"FAILOVER\"]}," +
             "\"default\":\"SHARED\"},{\"name\":\"nestedField\"," +
             "\"type\":[\"null\",{\"type\":\"record\",\"name\":\"SubMessage\"," +
             "\"fields\":[{\"name\":\"foo\",\"type\":{\"type\":\"string\"," +
             "\"avro.java.string\":\"String\"},\"default\":\"\"}" +
-            ",{\"name\":\"bar\",\"type\":\"double\",\"default\":0}]}]" +
+            ",{\"name\":\"bar\",\"type\":\"double\",\"default\":0.0}]}]" +
             ",\"default\":null},{\"name\":\"repeatedField\",\"type\":{\"type\":\"array\"" +
             ",\"items\":{\"type\":\"string\",\"avro.java.string\":\"String\"}},\"default\":[]}" +
             ",{\"name\":\"externalMessage\",\"type\":[\"null\",{\"type\":\"record\"" +
             ",\"name\":\"ExternalMessage\",\"namespace\":\"org.apache.pulsar.client.schema.proto.ExternalTest\"" +
             ",\"fields\":[{\"name\":\"stringField\",\"type\":{\"type\":\"string\",\"avro.java.string\":\"String\"}," +
-            "\"default\":\"\"},{\"name\":\"doubleField\",\"type\":\"double\",\"default\":0}]}],\"default\":null}]}";
+            "\"default\":\"\"},{\"name\":\"doubleField\",\"type\":\"double\",\"default\":0.0}]}],\"default\":null}]}";
 
     private static final String EXPECTED_PARSING_INFO = "{\"__alwaysAllowNull\":\"true\",\"__jsr310ConversionEnabled\":\"false\"," +
             "\"__PARSING_INFO__\":\"[{\\\"number\\\":1,\\\"name\\\":\\\"stringField\\\",\\\"type\\\":\\\"STRING\\\"," +
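Review bot: The expected Avro schema is pinned as an exact JSON string, so this test depends on how the Avro library prints default values rather than on what the schema means. The three `\"default\":0` to `\"default\":0.0` edits are the visible symptom. The assertion that consumes the constant is outside the hunk, but if it is a string equality, comparing parsed schemas would survive the next serializer change, e.g. `assertEquals(new Schema.Parser().parse(actualJson), new Schema.Parser().parse(expectedJson));` (variable names are placeholders). At minimum the constant deserves a comment such as `// double defaults are printed as 0.0 by Avro 1.11.3; keep in sync with avro.version`. The constant's declaration begins above the hunk, and `EXPECTED_PARSING_INFO` continues past it.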
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index e705cd13d02..6dfc35dc3e3 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -384,8 +384,8 @@ The Apache Software License, Version 2.0
   * Apache XBean :: Reflect
     - xbean-reflect-3.4.jar
   * Avro
-    - avro-1.10.2.jar
-    - avro-protobuf-1.10.2.jar
+    - avro-1.11.3.jar
+    - avro-protobuf-1.11.3.jar
   * Caffeine
     - caffeine-2.9.1.jar
   * Javax