packages/pulsar
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
pulsar/0009-CVE-2022-24329.patch
sundapeng 5c61327a1d resolve CVE-2022-24329
2023-12-05 07:41:40 +00:00

74 lines
3.0 KiB
Diff
Raw Permalink Blame History

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 87c54acbe3..e32d3d9f43 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -462,10 +462,10 @@ The Apache Software License, Version 2.0
* Okio - com.squareup.okio-okio-2.8.0.jar
* Javassist -- org.javassist-javassist-3.25.0-GA.jar
* Kotlin Standard Lib
- - org.jetbrains.kotlin-kotlin-stdlib-1.4.32.jar
- - org.jetbrains.kotlin-kotlin-stdlib-common-1.4.32.jar
- - org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.4.32.jar
- - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.4.32.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-1.6.0.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-common-1.6.0.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.6.0.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.0.jar
- org.jetbrains-annotations-13.0.jar
* gRPC
- io.grpc-grpc-all-1.45.1.jar
diff --git a/pom.xml b/pom.xml
index 52c1e587ad..5bdf7946f5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -203,7 +203,7 @@ flexible messaging model and an intuitive client API.</description>
<!-- use okio version that matches the okhttp3 version -->
<okio.version>2.8.0</okio.version>
<!-- override kotlin-stdlib used by okio in order to address CVE-2020-29582 -->
- <kotlin-stdlib.version>1.4.32</kotlin-stdlib.version>
+ <kotlin-stdlib.version>1.6.0</kotlin-stdlib.version>
<nsq-client.version>1.0</nsq-client.version>
<cron-utils.version>9.1.6</cron-utils.version>
<spring-context.version>5.3.19</spring-context.version>
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 201a23baa0..07300d2601 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -60,36 +60,6 @@
<vulnerabilityName regex="true">.*</vulnerabilityName>
</suppress>
- <!-- see https://github.com/apache/pulsar/pull/14629-->
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-common-1.4.32.jar
- ]]></notes>
- <sha1>ef50bfa2c0491a11dcc35d9822edbfd6170e1ea2</sha1>
- <cpe>cpe:/a:jetbrains:kotlin</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-jdk7-1.4.32.jar
- ]]></notes>
- <sha1>3546900a3ebff0c43f31190baf87a9220e37b7ea</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-jdk8-1.4.32.jar
- ]]></notes>
- <sha1>3302f9ec8a5c1ed220781dbd37770072549bd333</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-1.4.32.jar
- ]]></notes>
- <sha1>461367948840adbb0839c51d91ed74ef4a9ccb52</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
-
<!-- see https://github.com/alibaba/canal/issues/4010 -->
<suppress>
<notes><![CDATA[
Reference in New Issue View Git Blame Copy Permalink