Posted to commits@pulsar.apache.org by xi...@apache.org on 2023/02/26 11:30:21 UTC

[pulsar] 01/04: [improve] Upgrade wildfly-eytron (used by debezium) to fix CVE-2022-3143 (#19333)

This is an automated email from the ASF dual-hosted git repository.

xiangying pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 2c591ae2d6371e466ea424058edcb6db8c683168
Author: Andrey Yegorov <86...@users.noreply.github.com>
AuthorDate: Sat Feb 4 05:04:05 2023 -0800

    [improve] Upgrade wildfly-elytron (used by debezium) to fix CVE-2022-3143 (#19333)
    
    (cherry picked from commit 71dafe89755272c1003daaec0457e79a22d663a1)
---
 pom.xml                    |  4 +++-
 pulsar-io/debezium/pom.xml | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ecbeccde621..b6577fba4a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,6 +162,8 @@ flexible messaging model and an intuitive client API.</description>
     <debezium.version>1.7.2.Final</debezium.version>
     <debezium.postgresql.version>42.4.1</debezium.postgresql.version>
     <debezium.mysql.version>8.0.28</debezium.mysql.version>
+    <!-- Override version that brings CVE-2022-3143 with debezium -->
+    <wildfly-elytron.version>1.15.16.Final</wildfly-elytron.version>
     <jsonwebtoken.version>0.11.1</jsonwebtoken.version>
     <opencensus.version>0.28.0</opencensus.version>
     <hbase.version>2.4.9</hbase.version>
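Review bot: The new comment on `wildfly-elytron.version` records what the override works around but not when it can be retired, and a pin on a transitive dependency tends to outlive its reason unless the trigger is written down next to it. I would word it `<!-- Pins org.wildfly.security artifacts pulled in transitively by debezium; overridden to address CVE-2022-3143 (applied in pulsar-io/debezium/pom.xml). Re-evaluate and drop when debezium.version changes. -->`. Naming the consuming module there also stops the property from looking unused in the root pom, since nothing in this file references it.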
@@ -262,7 +264,7 @@ flexible messaging model and an intuitive client API.</description>
     <errorprone-slf4j.version>0.1.4</errorprone-slf4j.version>
     <j2objc-annotations.version>1.3</j2objc-annotations.version>
     <lightproto-maven-plugin.version>0.4</lightproto-maven-plugin.version>
-    <dependency-check-maven.version>7.4.4</dependency-check-maven.version>
+    <dependency-check-maven.version>8.0.1</dependency-check-maven.version>
     <roaringbitmap.version>0.9.15</roaringbitmap.version>
 
     <!-- Used to configure rename.netty.native. Libs -->
diff --git a/pulsar-io/debezium/pom.xml b/pulsar-io/debezium/pom.xml
index 30fd8cd3268..b630670d22e 100644
--- a/pulsar-io/debezium/pom.xml
+++ b/pulsar-io/debezium/pom.xml
@@ -31,6 +31,46 @@
   <artifactId>pulsar-io-debezium</artifactId>
   <name>Pulsar IO :: Debezium</name>
 
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-sasl-digest</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-sasl-external</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-sasl-gs2</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-sasl-oauth2</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-sasl-plain</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-sasl-scram</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.wildfly.security</groupId>
+        <artifactId>wildfly-elytron-password-impl</artifactId>
+        <version>${wildfly-elytron.version}</version>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
   <modules>
     <module>core</module>
     <module>mysql</module>
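Review bot: The override only reaches the seven artifactIds enumerated in the new `dependencyManagement` block, so any other `org.wildfly.security` module that Debezium 1.7.2.Final pulls in transitively stays at the version Debezium declares, and nothing in this hunk shows that the list is complete. That matters twice over: an unlisted module could still carry the code CVE-2022-3143 concerns, and wildfly-elytron modules at mixed versions on one classpath are the kind of thing that surfaces as a runtime linkage error rather than a build failure. Before merging, confirm with `mvn dependency:tree -Dincludes=org.wildfly.security -pl pulsar-io/debezium/core` (and the other debezium submodules) that every `org.wildfly.security` artifact resolves to `${wildfly-elytron.version}`, and if upstream publishes a BOM for that version, importing it with `<type>pom</type><scope>import</scope>` would cover all modules in one place instead of a hand-maintained list. A comment above the block naming its purpose, `<!-- Force all wildfly-elytron modules to ${wildfly-elytron.version} (CVE-2022-3143); debezium brings an older one. Keep in sync with the list of modules debezium actually pulls in. -->`, would keep it from being trimmed as dead configuration later.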