From 03a548d4e56104e2807d961f7eec3fbe360e45b9 Mon Sep 17 00:00:00 2001 From: Wei-Chiu Chuang Date: Sat, 10 Jun 2023 11:05:44 -0700 Subject: [PATCH] HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix CVE-2022-41881 (#5435) (#5729) This fixes CVE-2022-41881. This also upgrades io.opencensus dependencies to 0.12.3 Contributed by Aleksandr Nikolaev (cherry picked from commit 734f7abfb8b84a4c20dbae5073cf2d4fb60adc1c) Conflicts: hadoop-project/pom.xml Change-Id: I26b8961725706370ac5f0fa248d0b0333034a047 Co-authored-by: nao <56360298+nao-it@users.noreply.github.com> --- LICENSE-binary | 8 ++------ hadoop-project/pom.xml | 2 +- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/LICENSE-binary b/LICENSE-binary index fe96670a9e..2199d9d11a 100644 --- a/LICENSE-binary +++ b/LICENSE-binary @@ -295,12 +295,8 @@ io.netty:netty-resolver-dns-classes-macos:4.1.77.Final io.netty:netty-transport-native-epoll:4.1.77.Final io.netty:netty-transport-native-kqueue:4.1.77.Final io.netty:netty-resolver-dns-native-macos:4.1.77.Final -io.opencensus:opencensus-api:0.24.0 -io.opencensus:opencensus-contrib-grpc-metrics:0.24.0 -io.opentracing:opentracing-api:0.33.0 -io.opentracing:opentracing-noop:0.33.0 -io.opentracing:opentracing-util:0.33.0 -io.perfmark:perfmark-api:0.19.0 +io.opencensus:opencensus-api:0.12.3 +io.opencensus:opencensus-contrib-grpc-metrics:0.12.3 io.reactivex:rxjava:1.3.8 io.reactivex:rxjava-string:1.1.1 io.reactivex:rxnetty:0.4.20 diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml index 8a27afbf85..d83d994623 100644 --- a/hadoop-project/pom.xml +++ b/hadoop-project/pom.xml @@ -144,7 +144,7 @@ 2.9.0 3.2.4 3.10.6.Final - 4.1.77.Final + 4.1.89.Final 1.1.8.2 1.7.1