jackson升级到2.13.4,修复CVE-2022-42004

This commit is contained in:
sundapeng 2023-09-22 01:33:10 +00:00
parent 403569084b
commit f2c95b2c50
2 changed files with 42 additions and 2 deletions

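--- /dev/null
+++ b/0004-CVE-2022-42004.patch
@@ -0,0 +1,36 @@
+diff --git a/core/src/main/scala/kafka/admin/ConsumerGroupCommand.scala b/core/src/main/scala/kafka/admin/ConsumerGroupCommand.scala
+index 2fc55bd7b6..e4611256d4 100755
+--- a/core/src/main/scala/kafka/admin/ConsumerGroupCommand.scala
++++ b/core/src/main/scala/kafka/admin/ConsumerGroupCommand.scala
+@@ -21,7 +21,6 @@ import java.time.{Duration, Instant}
+import java.util.Properties
+import com.fasterxml.jackson.dataformat.csv.CsvMapper
+import com.fasterxml.jackson.module.scala.DefaultScalaModule
+-import com.fasterxml.jackson.module.scala.experimental.ScalaObjectMapper
+import kafka.utils._
+import kafka.utils.Implicits._
+import org.apache.kafka.clients.admin._
+@@ -146,7 +145,7 @@ object ConsumerGroupCommand extends Logging {
+}
+// Example: CsvUtils().readerFor[CsvRecordWithoutGroup]
+private[admin] case class CsvUtils() {
+- val mapper = new CsvMapper with ScalaObjectMapper
++ val mapper = new CsvMapper
+mapper.registerModule(DefaultScalaModule)
+def readerFor[T <: CsvRecord : ClassTag] = {
+val schema = getSchema[T]
+diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
+index 8dcf7af2f2..ea0c1af419 100644
+--- a/gradle/dependencies.gradle
++++ b/gradle/dependencies.gradle
+@@ -66,8 +66,8 @@ versions += [
+grgit: "4.1.1",
+httpclient: "4.5.13",
+easymock: "4.2",
+- jackson: "2.10.5",
+- jacksonDatabind: "2.10.5.1",
++ jackson: "2.13.4",
++ jacksonDatabind: "2.13.4.2",
+jacoco: "0.8.5",
+javassist: "3.27.0-GA",
+jetty: "9.4.48.v20220622",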
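Review bot: Dropping the `ScalaObjectMapper` mixin on `val mapper = new CsvMapper` removes the type-parameterised `readerFor[T]`/`writerFor[T]` overloads that the mixin supplied, so the rest of `CsvUtils.readerFor` (and any `writerFor` sibling), which continues outside the hunk, must obtain the class from the `ClassTag` bound instead — e.g. `mapper.readerFor(implicitly[ClassTag[T]].runtimeClass).`with`(schema)`; if that body still calls `mapper.readerFor[T]`, core will not compile against 2.13.4, where the `experimental.ScalaObjectMapper` import is presumably no longer available. The bump to jackson-databind 2.13.4.2 is the right floor: 2.13.4 closed CVE-2022-42004 and 2.13.4.2 also carries the CVE-2022-42003 fix, which is worth recording in the changelog since this packaging tracks fixes per CVE. The `jackson` key presumably drives every jackson artifact Kafka 2.8 pulls in (module-scala, dataformat-csv, the JAX-RS provider), so a major bump from 2.10 should be validated with a full build and test run, not only the core module touched here.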


@ -4,7 +4,7 @@
Name: kafka Name: kafka
Version: 2.8.2 Version: 2.8.2
Release: 3 Release: 4
Summary: A Distributed Streaming Platform. Summary: A Distributed Streaming Platform.
License: Apache-2.0 License: Apache-2.0
@ -15,6 +15,7 @@ Source3: gradle-wrapper.jar
Patch0: 0001-adopt-huaweimaven.patch Patch0: 0001-adopt-huaweimaven.patch
Patch1: 0002-CVE-2022-41881.patch Patch1: 0002-CVE-2022-41881.patch
Patch2: 0003-CVE-2023-34455.patch Patch2: 0003-CVE-2023-34455.patch
Patch3: 0004-CVE-2022-42004.patch
BuildRequires: systemd java-1.8.0-openjdk-devel BuildRequires: systemd java-1.8.0-openjdk-devel
Provides: kafka = %{version} Provides: kafka = %{version}
@ -66,8 +67,11 @@ cp -pr licenses/* $RPM_BUILD_ROOT%{kafka_home}/licenses
rm -rf %{buildroot} rm -rf %{buildroot}
%changelog %changelog
* Thu Sep 21 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-4
-fix CVE-2022-42004
* Fri Sep 1 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-3 * Fri Sep 1 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-3
- fix CVE-2023-34455.patch - fix CVE-2023-34455
* Wed Aug 30 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-2 * Wed Aug 30 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-2
- fix CVE-2022-41881 - fix CVE-2022-41881
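Review bot: `Patch3: 0004-CVE-2022-42004.patch` only declares the patch; whether it is actually applied depends on the %prep section, which is outside this section. If %prep lists patches explicitly (`%patch0 -p1` … `%patch2 -p1`) rather than using `%autosetup -p1` or `%autopatch`, a matching `%patch3 -p1` is required, otherwise the 2.8.2-4 build would still ship jackson 2.10.5 while the changelog claims CVE-2022-42004 is fixed. A cheap post-build check is to confirm that the jackson-databind jar under the package's libs directory is 2.13.4.2. The wording fix on the older 2.8.2-3 changelog entry is fine but unrelated to this release.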