Skip to content

Commit 07acdbc

Browse files
nicoloboschinicoloboschi
authored
[fix][sec] Fix transitive critical CVEs in file-system tiered storage (apache#19957)
1 parent 38485e0 commit 07acdbc

File tree

2 files changed

+3
-28
lines changed

2 files changed

+3
-28
lines changed

pom.xml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -180,8 +180,8 @@ flexible messaging model and an intuitive client API.</description>
180180
<clickhouse-jdbc.version>0.3.2-patch11</clickhouse-jdbc.version>
181181
<mariadb-jdbc.version>2.7.5</mariadb-jdbc.version>
182182
<openmldb-jdbc.version>0.4.4-hotfix1</openmldb-jdbc.version>
183-
<hdfs-offload-version3>3.3.3</hdfs-offload-version3>
184-
<json-smart.version>2.4.7</json-smart.version>
183+
<hdfs-offload-version3>3.3.5</hdfs-offload-version3>
184+
<json-smart.version>2.4.10</json-smart.version>
185185
<opensearch.version>1.2.4</opensearch.version>
186186
<elasticsearch-java.version>8.5.2</elasticsearch-java.version>
187187
<trino.version>363</trino.version>
@@ -257,7 +257,7 @@ flexible messaging model and an intuitive client API.</description>
257257
<objenesis.version>3.1</objenesis.version>
258258
<awaitility.version>4.2.0</awaitility.version>
259259
<reload4j.version>1.2.22</reload4j.version>
260-
<jettison.version>1.5.3</jettison.version>
260+
<jettison.version>1.5.4</jettison.version>
261261
<woodstox.version>5.4.0</woodstox.version>
262262
<wiremock.version>2.33.2</wiremock.version>
263263

tiered-storage/file-system/pom.xml

Lines changed: 0 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -53,31 +53,6 @@
5353
</exclusions>
5454
</dependency>
5555
<!-- fix hadoop-commons vulnerable dependencies -->
56-
<dependency>
57-
<groupId>com.sun.jersey</groupId>
58-
<artifactId>jersey-json</artifactId>
59-
<!-- same version used by hadoop-common-->
60-
<version>1.19</version>
61-
<exclusions>
62-
<exclusion>
63-
<groupId>org.codehaus.jackson</groupId>
64-
<artifactId>jackson-core-asl</artifactId>
65-
</exclusion>
66-
<exclusion>
67-
<groupId>org.codehaus.jackson</groupId>
68-
<artifactId>jackson-mapper-asl</artifactId>
69-
</exclusion>
70-
<exclusion>
71-
<groupId>org.codehaus.jackson</groupId>
72-
<artifactId>jackson-jaxrs</artifactId>
73-
</exclusion>
74-
<exclusion>
75-
<groupId>org.codehaus.jackson</groupId>
76-
<artifactId>jackson-xc</artifactId>
77-
</exclusion>
78-
</exclusions>
79-
</dependency>
80-
<!-- fix hadoop-commons vulnerable dependencies -->
8156
<dependency>
8257
<groupId>org.apache.avro</groupId>
8358
<artifactId>avro</artifactId>

0 commit comments

Comments
 (0)