HADOOP-19114. Upgrade to commons-compress 1.26.1 due to CVEs. (#6636)
This addresses two CVEs triggered by malformed archives:
- Important: Denial of Service, CVE-2024-25710
- Moderate: Denial of Service, CVE-2024-26308

Contributed by PJ Fanning
parent
87fb977777
commit
eede5b1315
@ -299,7 +299,7 @@ net.java.dev.jna:jna:5.2.0
|
||||
net.minidev:accessors-smart:1.2
|
||||
org.apache.avro:avro:1.9.2
|
||||
org.apache.commons:commons-collections4:4.2
|
||||
org.apache.commons:commons-compress:1.24.0
|
||||
org.apache.commons:commons-compress:1.26.1
|
||||
org.apache.commons:commons-configuration2:2.10.1
|
||||
org.apache.commons:commons-csv:1.9.0
|
||||
org.apache.commons:commons-digester:1.8.1
|
||||
|
@ -22,7 +22,7 @@
|
||||
import org.apache.commons.cli.HelpFormatter;
|
||||
import org.apache.commons.cli.Option;
|
||||
import org.apache.commons.cli.Options;
|
||||
import org.apache.commons.compress.archivers.ArchiveEntry;
|
||||
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
|
||||
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.BlockLocation;
|
||||
@ -337,7 +337,7 @@ void buildPackage()
|
||||
LOG.info("Adding " + fullPath);
|
||||
File file = new File(fullPath);
|
||||
try (FileInputStream inputStream = new FileInputStream(file)) {
|
||||
ArchiveEntry entry = out.createArchiveEntry(file, file.getName());
|
||||
TarArchiveEntry entry = out.createArchiveEntry(file, file.getName());
|
||||
out.putArchiveEntry(entry);
|
||||
IOUtils.copyBytes(inputStream, out, 1024 * 1024);
|
||||
out.closeArchiveEntry();
|
||||
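Review bot: In `buildPackage()` the tar entry is named with `file.getName()` only, so two input files that share a base name in different directories would be written under the same entry name, and an extractor would typically keep only the last one without reporting an error. Whether the input list is already de-duplicated by base name is decided outside this hunk, so that should be confirmed. If it is not, a guard before `out.putArchiveEntry(entry)` would make the collision visible, for example `if (!entryNames.add(entry.getName())) { throw new IOException("Duplicate archive entry " + entry.getName()); }`, where `entryNames` is a new `Set<String>` local to the method. The body of `buildPackage()` starts and ends outside the hunk.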
|
@ -122,7 +122,7 @@
|
||||
<commons-cli.version>1.5.0</commons-cli.version>
|
||||
<commons-codec.version>1.15</commons-codec.version>
|
||||
<commons-collections.version>3.2.2</commons-collections.version>
|
||||
<commons-compress.version>1.24.0</commons-compress.version>
|
||||
<commons-compress.version>1.26.1</commons-compress.version>
|
||||
<commons-csv.version>1.9.0</commons-csv.version>
|
||||
<commons-io.version>2.14.0</commons-io.version>
|
||||
<commons-lang3.version>3.12.0</commons-lang3.version>
|
||||
|