pulsar-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [pulsar] merlimat opened a new pull request #5232: Upgrade dependencies for security fixes
Date Thu, 19 Sep 2019 23:57:42 GMT
merlimat opened a new pull request #5232: Upgrade dependencies for security fixes
URL: https://github.com/apache/pulsar/pull/5232
 
 
   ### Motivation
   
   Upgrade the version of several dependencies to include fixes for a series of vulnerabilities,
as reported in #4057. 
   
   ### Modifications
   
    * Guava 21.0 -> 28.1
    * Commons Compress 1.15 -> 1.19
    * Jetty 9.4.12.v20180830 -> 9.4.20.v20190813
    * Netty 3.10.1.Final -> netty-3.10.6.Final (Netty 3.x is used by ZooKeeper)
   
   Pulsar SQL dependencies:
    * async-http-client 1.6.5 -> 1.9.40
    * Maven components 3.0.4 -> 3.6.2
   
   Note: jackson-databind was already upgraded in #5011
   
   
   Fix #4057

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message