Skip to content

Commit

Permalink
[fix][sec] Upgrade async-http-client to 2.12.4 to address CVE-2024-53990
Browse files Browse the repository at this point in the history 
 (#23732)
  • Loading branch information
@lhotari
lhotari authored Dec 16, 2024
1 parent 3761dc4 commit 9a7269a
Show file tree
Hide file tree
Showing 10 changed files with 14 additions and 21 deletions.
6 changes: 3 additions & 3 deletions distribution/server/src/assemble/LICENSE.bin.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,8 +389,8 @@ The Apache Software License, Version 2.0
* AirCompressor
- io.airlift-aircompressor-0.27.jar
* AsyncHttpClient
- org.asynchttpclient-async-http-client-2.12.1.jar
- org.asynchttpclient-async-http-client-netty-utils-2.12.1.jar
- org.asynchttpclient-async-http-client-2.12.4.jar
- org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
* Jetty
- org.eclipse.jetty-jetty-client-9.4.56.v20240826.jar
- org.eclipse.jetty-jetty-continuation-9.4.56.v20240826.jar
Expand Down Expand Up @@ -570,7 +570,7 @@ Protocol Buffers License

CDDL-1.1 -- ../licenses/LICENSE-CDDL-1.1.txt
* Java Annotations API
- com.sun.activation-javax.activation-1.2.0.jar
- com.sun.activation-jakarta.activation-1.2.2.jar
* Java Servlet API -- javax.servlet-javax.servlet-api-3.1.0.jar
* WebSocket Server API -- javax.websocket-javax.websocket-client-api-1.0.jar
* HK2 - Dependency Injection Kernel
Expand Down
6 changes: 3 additions & 3 deletions distribution/shell/src/assemble/LICENSE.bin.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -399,8 +399,8 @@ The Apache Software License, Version 2.0
* AirCompressor
- aircompressor-0.27.jar
* AsyncHttpClient
- async-http-client-2.12.1.jar
- async-http-client-netty-utils-2.12.1.jar
- async-http-client-2.12.4.jar
- async-http-client-netty-utils-2.12.4.jar
* Jetty
- jetty-client-9.4.56.v20240826.jar
- jetty-http-9.4.56.v20240826.jar
Expand Down Expand Up @@ -431,7 +431,7 @@ MIT License

CDDL-1.1 -- ../licenses/LICENSE-CDDL-1.1.txt
* Java Annotations API
- javax.activation-1.2.0.jar
- jakarta.activation-1.2.2.jar
* WebSocket Server API -- javax.websocket-client-api-1.0.jar
* HK2 - Dependency Injection Kernel
- hk2-api-2.6.1.jar
Expand Down
9 changes: 1 addition & 8 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ flexible messaging model and an intuitive client API.</description>
<prometheus-jmx.version>0.16.1</prometheus-jmx.version>
<confluent.version>6.2.8</confluent.version>
<aircompressor.version>0.27</aircompressor.version>
<asynchttpclient.version>2.12.1</asynchttpclient.version>
<asynchttpclient.version>2.12.4</asynchttpclient.version>
<commons-lang3.version>3.11</commons-lang3.version>
<commons-configuration.version>1.10</commons-configuration.version>
<commons-io.version>2.18.0</commons-io.version>
Expand All @@ -233,7 +233,6 @@ flexible messaging model and an intuitive client API.</description>
<lombok.version>1.18.32</lombok.version>
<jakarta.annotation-api.version>1.3.5</jakarta.annotation-api.version>
<jaxb-api>2.3.1</jaxb-api>
<javax.activation.version>1.2.0</javax.activation.version>
<jakarta.activation.version>1.2.2</jakarta.activation.version>
<jakarta.xml.bind.version>2.3.3</jakarta.xml.bind.version>
<jakarta.validation.version>2.0.2</jakarta.validation.version>
Expand Down Expand Up @@ -1441,12 +1440,6 @@ flexible messaging model and an intuitive client API.</description>
<version>${jakarta.xml.bind.version}</version>
</dependency>

<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<version>${javax.activation.version}</version>
</dependency>

<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>jakarta.activation</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion pulsar-broker/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -458,7 +458,7 @@

<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<artifactId>jakarta.activation</artifactId>
</dependency>

<dependency>
Expand Down
2 changes: 1 addition & 1 deletion pulsar-client-admin-shaded/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@
<include>com.google.re2j:re2j</include>
<include>com.spotify:completable-futures</include>
<include>com.squareup.*:*</include>
<include>com.sun.activation:javax.activation</include>
<include>com.sun.activation:jakarta.activation</include>
<include>com.typesafe.netty:netty-reactive-streams</include>
<include>com.yahoo.datasketches:*</include>
<include>com.yahoo.datasketches:sketches-core</include>
Expand Down
2 changes: 1 addition & 1 deletion pulsar-client-admin/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@
</dependency>
<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<artifactId>jakarta.activation</artifactId>
<scope>runtime</scope>
</dependency>

Expand Down
2 changes: 1 addition & 1 deletion pulsar-client-all/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@
<include>com.google.re2j:re2j</include>
<include>com.spotify:completable-futures</include>
<include>com.squareup.*:*</include>
<include>com.sun.activation:javax.activation</include>
<include>com.sun.activation:jakarta.activation</include>
<!-- Avro transitive dependencies -->
<include>com.thoughtworks.paranamer:paranamer</include>
<include>com.typesafe.netty:netty-reactive-streams</include>
Expand Down
2 changes: 1 addition & 1 deletion pulsar-client-shaded/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@
<include>com.google.j2objc:*</include>
<include>com.google.re2j:re2j</include>
<include>com.spotify:completable-futures</include>
<include>com.sun.activation:javax.activation</include>
<include>com.sun.activation:jakarta.activation</include>
<!-- Avro transitive dependencies -->
<include>com.thoughtworks.paranamer:paranamer</include>
<include>com.typesafe.netty:netty-reactive-streams</include>
Expand Down
2 changes: 1 addition & 1 deletion pulsar-proxy/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@

<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<artifactId>jakarta.activation</artifactId>
</dependency>

<dependency>
Expand Down
2 changes: 1 addition & 1 deletion tiered-storage/jcloud/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@

<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<artifactId>jakarta.activation</artifactId>
<scope>runtime</scope>
</dependency>

Expand Down

0 comments on commit 9a7269a

Please sign in to comment.