(kylin) 05/15: KYLIN-5737 Fix vulnerabilities, upgrade tomcat-embed-core & netty (#30573)

Fri, 29 Mar 2024 03:34:40 -0700 

This is an automated email from the ASF dual-hosted git repository.

liyang pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit d008c28156b0b2cfea530b08f765613575b2c60e
Author: Yinghao Lin <39019287+yhca...@users.noreply.github.com>
AuthorDate: Thu Jun 29 20:09:22 2023 +0800

    KYLIN-5737 Fix vulnerabilities, upgrade tomcat-embed-core & netty (#30573)
---
 pom.xml                     | 27 ++++++++++-----------------
 src/kylin-it/pom.xml        |  9 ---------
 src/kylin-server-it/pom.xml |  9 ---------
 src/server/pom.xml          |  1 +
 src/streaming/pom.xml       |  7 +------
 5 files changed, 12 insertions(+), 41 deletions(-)

diff --git a/pom.xml b/pom.xml
index 904f18cb80..a61ca736d4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -100,7 +100,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <arthas.version>3.6.7-kyarthas-r3</arthas.version>
-        <tomcat-embed.version>9.0.74</tomcat-embed.version>
+        <tomcat-embed.version>9.0.76</tomcat-embed.version>
 
         <!-- Keep same order with dependencyManagement -->
 
@@ -360,9 +360,8 @@
         <derby.version>10.14.2.0</derby.version>
         <jcommander.version>1.75</jcommander.version>
         <ant.version>1.10.11</ant.version>
-        <netty-all.version>4.1.89.Final</netty-all.version>
-        <netty.version>3.10.6.Final</netty.version>
-        <netty-codec.version>4.1.89.Final</netty-codec.version>
+        <netty3.version>3.10.6.Final</netty3.version>
+        <netty-handler.version>4.1.94.Final</netty-handler.version>
         <servo-core.version>0.13.2</servo-core.version>
         <apache-api.version>1.0.3</apache-api.version>
         
<saas.nacos.discovery.starter.version>2.6.2</saas.nacos.discovery.starter.version>
@@ -741,11 +740,6 @@
                 <artifactId>kylin-soft-affinity-cache</artifactId>
                 <version>${project.version}</version>
             </dependency>
-            <dependency>
-                <groupId>io.netty</groupId>
-                <artifactId>netty-codec-haproxy</artifactId>
-                <version>${netty-codec.version}</version>
-            </dependency>
             <dependency>
                 <groupId>io.dropwizard.metrics</groupId>
                 <artifactId>metrics-core</artifactId>
@@ -2788,14 +2782,8 @@
             <!--spark 2.4-->
             <dependency>
                 <groupId>io.netty</groupId>
-                <artifactId>netty-all</artifactId>
-                <version>${netty-all.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>io.netty</groupId>
-                <artifactId>netty</artifactId>
-                <version>${netty.version}</version>
-                <scope>provided</scope>
+                <artifactId>netty-handler</artifactId>
+                <version>${netty-handler.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.codehaus.janino</groupId>
@@ -2961,6 +2949,11 @@
                 <artifactId>snappy-java</artifactId>
                 <version>${snappy-java.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty</artifactId>
+                <version>${netty3.version}</version>
+            </dependency>
 
         </dependencies>
     </dependencyManagement>
diff --git a/src/kylin-it/pom.xml b/src/kylin-it/pom.xml
index 01282cf457..4272d86bf6 100644
--- a/src/kylin-it/pom.xml
+++ b/src/kylin-it/pom.xml
@@ -97,15 +97,6 @@
             <artifactId>commons-cli</artifactId>
         </dependency>
         <!--for spark2.4-->
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-all</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty</artifactId>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.codehaus.janino</groupId>
             <artifactId>janino</artifactId>
diff --git a/src/kylin-server-it/pom.xml b/src/kylin-server-it/pom.xml
index 9c60c7bb48..8cd256e983 100644
--- a/src/kylin-server-it/pom.xml
+++ b/src/kylin-server-it/pom.xml
@@ -106,15 +106,6 @@
             <artifactId>commons-cli</artifactId>
         </dependency>
         <!--for spark2.4-->
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-all</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty</artifactId>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.codehaus.janino</groupId>
             <artifactId>janino</artifactId>
diff --git a/src/server/pom.xml b/src/server/pom.xml
index fdf7d8182e..deb02b3ade 100644
--- a/src/server/pom.xml
+++ b/src/server/pom.xml
@@ -443,6 +443,7 @@
                                 net.sf.py4j,
                                 com.h2database,
                                 jdk.tools,
+                                io.netty
                             </excludeGroupIds>
                             <excludeArtifactIds>
                                 unused
diff --git a/src/streaming/pom.xml b/src/streaming/pom.xml
index 105755ad83..e03dc67f0c 100644
--- a/src/streaming/pom.xml
+++ b/src/streaming/pom.xml
@@ -159,11 +159,6 @@
             <scope>test</scope>
             <version>3.4.0</version>
         </dependency>
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty</artifactId>
-            <scope>test</scope>
-        </dependency>
 
         <dependency>
             <groupId>org.apache.spark</groupId>
@@ -206,4 +201,4 @@
             </plugin>
         </plugins>
     </build>
-</project>
\ No newline at end of file
+</project>

Reply via email to