Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/06/09 18:15:20 UTC

[pulsar] branch branch-2.10 updated (a082bf41358 -> d8a3048e1c1)

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a change to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git


    from a082bf41358 [ML] When skipping updating mark delete position, execute callback with executor to prevent deadlock (#15971)
     new ce0be079a73 Removing log4j-1.2-api from dependencies (#15991)
     new 4fca9d0ba30 Upgrade Netty Reactive Streams to 2.0.6 (#15990)
     new d8a3048e1c1 [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 buildtools/pom.xml                               | 4 ----
 distribution/server/pom.xml                      | 5 -----
 distribution/server/src/assemble/LICENSE.bin.txt | 3 +--
 docker/pulsar/Dockerfile                         | 3 ++-
 managed-ledger/pom.xml                           | 6 ------
 pom.xml                                          | 7 ++++++-
 pulsar-sql/presto-distribution/LICENSE           | 2 +-
 7 files changed, 10 insertions(+), 20 deletions(-)


[pulsar] 02/03: Upgrade Netty Reactive Streams to 2.0.6 (#15990)

Posted by mm...@apache.org.

mmerli pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 4fca9d0ba308abe27f71e4341402203102c913b4
Author: Matteo Merli <mm...@apache.org>
AuthorDate: Wed Jun 8 18:08:44 2022 -0700

    Upgrade Netty Reactive Streams to 2.0.6 (#15990)
    
    https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693
    
    Upgrade from 2.0.4 to 2.0.6
---
 distribution/server/src/assemble/LICENSE.bin.txt | 2 +-
 pom.xml                                          | 7 ++++++-
 pulsar-sql/presto-distribution/LICENSE           | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 84b6e494e10..e9cf861f1c7 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -332,7 +332,7 @@ The Apache Software License, Version 2.0
     - com.google.guava-failureaccess-1.0.1.jar
     - com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
  * J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar
- * Netty Reactive Streams -- com.typesafe.netty-netty-reactive-streams-2.0.4.jar
+ * Netty Reactive Streams -- com.typesafe.netty-netty-reactive-streams-2.0.6.jar
  * Swagger
     - io.swagger-swagger-annotations-1.6.2.jar
     - io.swagger-swagger-core-1.6.2.jar
diff --git a/pom.xml b/pom.xml
index 25dc660517f..912d59e6521 100644
--- a/pom.xml
+++ b/pom.xml
@@ -210,6 +210,7 @@ flexible messaging model and an intuitive client API.</description>
     <snakeyaml.version>1.30</snakeyaml.version>
     <ant.version>1.10.12</ant.version>
     <seancfoley.ipaddress.version>5.3.3</seancfoley.ipaddress.version>
+    <netty-reactive-streams.version>2.0.6</netty-reactive-streams.version>
 
     <!-- test dependencies -->
     <cassandra.version>3.6.0</cassandra.version>
@@ -1258,7 +1259,11 @@ flexible messaging model and an intuitive client API.</description>
         <version>${kotlin-stdlib.version}</version>
       </dependency>
 
-
+      <dependency>
+          <groupId>com.typesafe.netty</groupId>
+          <artifactId>netty-reactive-streams</artifactId>
+          <version>${netty-reactive-streams.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
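Review bot: The new `netty-reactive-streams` entry in `dependencyManagement` carries no comment saying why it is pinned, and its child elements are indented two spaces deeper than the neighbouring `<version>${kotlin-stdlib.version}</version>` entry. Add a one-line XML comment naming the advisory linked in the commit message (CVE-2019-20444) so the pin is not dropped in a later cleanup, and align the indentation with the surrounding dependencies. Because this entry only manages the version, confirm against the resolved dependency tree that 2.0.6 is what the modules actually pick up.
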
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 82617157da0..44198afea07 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -241,7 +241,7 @@ The Apache Software License, Version 2.0
     - netty-handler-proxy-4.1.77.Final.jar
     - netty-common-4.1.77.Final.jar
     - netty-handler-4.1.77.Final.jar
-    - netty-reactive-streams-2.0.4.jar
+    - netty-reactive-streams-2.0.6.jar
     - netty-resolver-4.1.77.Final.jar
     - netty-resolver-dns-4.1.77.Final.jar
     - netty-tcnative-boringssl-static-2.0.52.Final.jar
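
Review bot: This LICENSE line moves to 2.0.6, but the diffstat shows no pom under `pulsar-sql/` being changed, so the bump here relies on the Presto distribution picking up the version managed in the root `pom.xml`. Confirm that the packaged Presto distribution actually contains `netty-reactive-streams-2.0.6.jar`; if that module resolves its versions separately, the LICENSE would name a jar that is not shipped.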


[pulsar] 01/03: Removing log4j-1.2-api from dependencies (#15991)

Posted by mm...@apache.org.

mmerli pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit ce0be079a7306103078e73a0797d6eb275bd0ee2
Author: Matteo Merli <mm...@apache.org>
AuthorDate: Thu Jun 9 11:09:20 2022 -0700

    Removing log4j-1.2-api from dependencies (#15991)
---
 buildtools/pom.xml                               | 4 ----
 distribution/server/pom.xml                      | 5 -----
 distribution/server/src/assemble/LICENSE.bin.txt | 1 -
 managed-ledger/pom.xml                           | 6 ------
 4 files changed, 16 deletions(-)

diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 1b7a193ff20..2271e3fe1b7 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -111,10 +111,6 @@
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j-impl</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.logging.log4j</groupId>
-      <artifactId>log4j-1.2-api</artifactId>
-    </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>jcl-over-slf4j</artifactId>
diff --git a/distribution/server/pom.xml b/distribution/server/pom.xml
index bb5918594a0..fe536ad588b 100644
--- a/distribution/server/pom.xml
+++ b/distribution/server/pom.xml
@@ -106,11 +106,6 @@
       <version>${project.version}</version>
     </dependency>
 
-    <dependency>
-      <groupId>org.apache.logging.log4j</groupId>
-      <artifactId>log4j-1.2-api</artifactId>
-    </dependency>
-
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>
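
Review bot: Removing `log4j-1.2-api` from the server distribution takes the Log4j 1.x API bridge off the runtime classpath, and the commit message gives no reason or verification for it. Any bundled library that still calls `org.apache.log4j` classes would fail at class-loading time unless another jar provides them, so state the motivation in the commit message and note how the broker and bundled components were checked to start and log without the bridge.
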
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 8cbbe9425c3..84b6e494e10 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -394,7 +394,6 @@ The Apache Software License, Version 2.0
     - org.apache.logging.log4j-log4j-core-2.17.1.jar
     - org.apache.logging.log4j-log4j-slf4j-impl-2.17.1.jar
     - org.apache.logging.log4j-log4j-web-2.17.1.jar
-    - org.apache.logging.log4j-log4j-1.2-api-2.17.1.jar
  * Java Native Access JNA -- net.java.dev.jna-jna-4.2.0.jar
  * BookKeeper
     - org.apache.bookkeeper-bookkeeper-common-4.14.5.jar
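
Review bot: Dropping the `log4j-1.2-api-2.17.1.jar` line is only correct if the jar really disappears from the assembled distribution; the pom hunks remove the direct declarations, but a transitive dependency could still bring it in. Check the built lib directory for the jar before merging so the LICENSE does not under-report what ships.
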
diff --git a/managed-ledger/pom.xml b/managed-ledger/pom.xml
index 3f636aa9c97..0becbc8785a 100644
--- a/managed-ledger/pom.xml
+++ b/managed-ledger/pom.xml
@@ -101,12 +101,6 @@
       <scope>test</scope>
     </dependency>
 
-    <dependency>
-      <groupId>org.apache.logging.log4j</groupId>
-      <artifactId>log4j-1.2-api</artifactId>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>


[pulsar] 03/03: [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)

Posted by mm...@apache.org.

mmerli pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit d8a3048e1c1353548ca84bae8b09f98b0f755e28
Author: Kay Johansen <ka...@streamnative.io>
AuthorDate: Wed Jun 8 21:52:42 2022 -0600

    [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343 (#15989)
---
 docker/pulsar/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker/pulsar/Dockerfile b/docker/pulsar/Dockerfile
index b15cb827b9f..e45e8e50659 100644
--- a/docker/pulsar/Dockerfile
+++ b/docker/pulsar/Dockerfile
@@ -58,7 +58,7 @@ RUN sed -i "s|http://archive\.ubuntu\.com/ubuntu/|${UBUNTU_MIRROR:-mirror://mirr
      && apt-get update \
      && apt-get -y dist-upgrade \
      && apt-get -y install --no-install-recommends openjdk-11-jdk-headless netcat dnsutils less procps iputils-ping \
-                 python3 python3-yaml python3-kazoo python3-pip \
+                 python3 python3-kazoo python3-pip \
                  curl ca-certificates \
      && apt-get -y --purge autoremove \
      && apt-get autoclean \
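
Review bot: With `python3-yaml` taken out of the apt list, PyYAML in the image no longer follows distribution security updates through the `apt-get -y dist-upgrade` step above and instead depends on a hand-maintained pin. Also confirm that none of the remaining apt packages, `python3-kazoo` for instance, pulls `python3-yaml` back in as a dependency, which would leave two copies of the library in the image.
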
@@ -66,6 +66,7 @@ RUN sed -i "s|http://archive\.ubuntu\.com/ubuntu/|${UBUNTU_MIRROR:-mirror://mirr
      && rm -rf /var/lib/apt/lists/*
 
 RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 10
+RUN pip3 install pyyaml==5.4.1
 
 # Pulsar currently writes to the below directories, assuming the default configuration.
 # Note that number 4 is the reason that pulsar components need write access to the /pulsar directory.
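
Review bot: `RUN pip3 install pyyaml==5.4.1` pins by version only and leaves pip's download cache in the layer. Prefer `pip3 install --no-cache-dir` with a requirements file that carries `--hash` entries and `--require-hashes`, so the build fails if the downloaded artifact differs from the reviewed one, and add a comment naming CVE-2020-14343 so the reason for the pin stays with the line.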