This is an automated email from the ASF dual-hosted git repository.

liyang pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 410698dc3de7d9f308c27aba09914496145b61bd
Author: Xuecheng Shan <xuecheng.s...@kyligence.io>
AuthorDate: Thu Oct 12 18:18:41 2023 +0800

    KYLIN-5855 Upgrade jars for security problems
---
 pom.xml                                            | 50 ++++++++++++++--------
 src/common-booter/pom.xml                          |  6 ++-
 src/core-job/pom.xml                               | 15 ++++++-
 src/data-loading-booter/pom.xml                    | 15 ++++++-
 src/ops-booter/pom.xml                             | 11 +++++
 src/query-booter/pom.xml                           |  2 +-
 .../kylin-soft-affinity-cache/pom.xml              | 28 ++++++++++++
 7 files changed, 105 insertions(+), 22 deletions(-)

diff --git a/pom.xml b/pom.xml
index a0ffa90777..450a57dbc6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -99,8 +99,8 @@
         <maven-model.version>3.3.9</maven-model.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <arthas.version>3.6.7-kyarthas-r3</arthas.version>
-        <tomcat-embed.version>9.0.76</tomcat-embed.version>
+        <arthas.version>3.6.8</arthas.version>
+        <tomcat-embed.version>9.0.82</tomcat-embed.version>
 
         <!-- Keep same order with dependencyManagement -->
 
@@ -165,7 +165,7 @@
         <scalatest.version>3.2.0</scalatest.version>
         <dbunit.version>2.5.2</dbunit.version>
         <h2.version>1.4.197</h2.version>
-        <jetty.version>9.4.43.v20210629</jetty.version>
+        <jetty.version>9.4.53.v20231009</jetty.version>
         <jamm.version>0.3.1</jamm.version>
         <mockito.version>3.12.4</mockito.version>
         <powermock.version>2.0.9</powermock.version>
@@ -397,6 +397,7 @@
         <ant.version>1.10.11</ant.version>
         <netty3.version>3.10.6.Final</netty3.version>
         <netty-handler.version>4.1.94.Final</netty-handler.version>
+        <netty-codec-http2.version>4.1.100.Final</netty-codec-http2.version>
         <servo-core.version>0.13.2</servo-core.version>
         <apache-api.version>1.0.3</apache-api.version>
 
@@ -409,6 +410,8 @@
         <nimbus-jose-jwt.version>9.23</nimbus-jose-jwt.version>
         <system-lambda.version>1.2.1</system-lambda.version>
         <okhttp.version>3.12.12</okhttp.version>
+        <okio.version>3.4.0</okio.version>
+        <license.version>5.0.8</license.version>
         <snappy-java.version>1.1.10.4</snappy-java.version>
         <avro.version>1.11.3</avro.version>
     </properties>
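Review bot: `okio.version` is set to 3.4.0 directly under `okhttp.version` 3.12.12, which forces okhttp onto an okio release two major versions newer than the one it was built against (okhttp 3.12.x declares the okio 1.x line, as far as I know). Okio 2 and later are written in Kotlin and bring `kotlin-stdlib` onto the classpath, so the upgrade also adds a new transitive dependency. A comment such as `<!-- okio overridden for KYLIN-5855; verified against okhttp ${okhttp.version} -->` would record that the pairing was tested rather than assumed. Separately, `license.version` is not referenced by any hunk in this commit and its name does not say which artifact it pins; name it after the artifact, or drop it if it is unused.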
@@ -437,9 +440,6 @@
         <module>src/datasource-sdk</module>
         <module>src/streaming-sdk</module>
         <module>outdated/second-storage/core</module>
-<!--        <module>src/second-storage/core-ui</module>-->
-<!--        <module>src/second-storage/clickhouse</module>-->
-<!--        <module>src/second-storage/clickhouse-it</module>-->
         <module>src/modeling-service</module>
         <module>src/query-service</module>
         <module>src/datasource-service</module>
@@ -546,11 +546,6 @@
                 <version>${project.version}</version>
             </dependency>
             <!-- second storage -->
-<!--            <dependency>-->
-<!--                <groupId>org.apache.kylin</groupId>-->
-<!--                <artifactId>kap-second-storage-clickhouse</artifactId>-->
-<!--                <version>${project.version}</version>-->
-<!--            </dependency>-->
             <dependency>
                 <groupId>org.apache.kylin</groupId>
                 <artifactId>kap-second-storage-core</artifactId>
@@ -571,11 +566,6 @@
                     </exclusion>
                 </exclusions>
             </dependency>
-<!--            <dependency>-->
-<!--                <groupId>org.apache.kylin</groupId>-->
-<!--                <artifactId>kap-second-storage-ui</artifactId>-->
-<!--                <version>${project.version}</version>-->
-<!--            </dependency>-->
             <dependency>
                 <groupId>org.apache.kylin</groupId>
                 <artifactId>kylin-common-service</artifactId>
@@ -873,7 +863,7 @@
             <dependency>
                 <groupId>org.apache.kylin</groupId>
                 <artifactId>kap-second-storage-clickhouse</artifactId>
-                <version>5.0.0-beta</version>
+                <version>${project.version}</version>
                 <type>test-jar</type>
             </dependency>
             <dependency>
@@ -1003,6 +993,10 @@
                         <groupId>org.codehaus.jackson</groupId>
                         <artifactId>jackson-mapper-asl</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>com.cedarsoftware</groupId>
+                        <artifactId>json-io</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
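Review bot: The `json-io` exclusions added here and in the hunks at `@@ -1457,6`, `@@ -1953,6` and `@@ -1998,6` carry no comment saying why the artifact is removed, and the dependencies they belong to start outside the hunks, so a reader cannot tell which ones are affected. A one-line comment such as `<!-- KYLIN-5855: json-io excluded for security reasons; do not re-add -->` above each exclusion would keep a later cleanup from dropping them. Per-dependency exclusions only cover the paths listed; if json-io must never reach the classpath, a `bannedDependencies` rule in maven-enforcer-plugin would catch it arriving through any other dependency. It is also worth confirming that the parent artifacts do not need json-io at runtime, since an exclusion turns that into a `NoClassDefFoundError` rather than a build failure.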
@@ -1457,6 +1451,10 @@
                         <groupId>io.netty</groupId>
                         <artifactId>netty</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>com.cedarsoftware</groupId>
+                        <artifactId>json-io</artifactId>
+                    </exclusion>
                 </exclusions>
                 <version>${hive.version}</version>
             </dependency>
@@ -1953,6 +1951,10 @@
                         <groupId>org.apache.thrift</groupId>
                         <artifactId>libfb303</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>com.cedarsoftware</groupId>
+                        <artifactId>json-io</artifactId>
+                    </exclusion>
                 </exclusions>
                 <scope>provided</scope>
             </dependency>
@@ -1998,6 +2000,10 @@
                         <groupId>org.codehaus.jackson</groupId>
                         <artifactId>jackson-mapper-asl</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>com.cedarsoftware</groupId>
+                        <artifactId>json-io</artifactId>
+                    </exclusion>
                 </exclusions>
                 
<version>${hadoop-yarn-server-resourcemanager.version}</version>
             </dependency>
@@ -2958,6 +2964,11 @@
                 <artifactId>netty-handler</artifactId>
                 <version>${netty-handler.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-codec-http2</artifactId>
+                <version>${netty-codec-http2.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.codehaus.janino</groupId>
                 <artifactId>janino</artifactId>
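Review bot: `netty-codec-http2` is managed at `${netty-codec-http2.version}` (4.1.100.Final in the `@@ -397,6 +397,7 @@` hunk) while `netty-handler` just above stays on `${netty-handler.version}` (4.1.94.Final), so the build can end up with Netty modules from two different releases. Netty 4.1 modules are released together, and codec-http2 depends on handler, codec and transport from the same release. Mixing them risks linkage errors at runtime and leaves the older modules without whatever fixes motivated the bump. If the other Netty artifacts are not aligned elsewhere in the file (not visible in these hunks), consider importing `io.netty:netty-bom` at a single version or moving `netty-handler.version` to the same release.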
@@ -3137,6 +3148,11 @@
                 <version>${avro.version}</version>
                 <scope>provided</scope>
             </dependency>
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-server</artifactId>
+                <version>${jetty.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
diff --git a/src/common-booter/pom.xml b/src/common-booter/pom.xml
index 99dec8fd91..21bce367a2 100644
--- a/src/common-booter/pom.xml
+++ b/src/common-booter/pom.xml
@@ -125,12 +125,16 @@
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
             <version>${jetty.version}</version>
-            <scope>compile</scope>
+            <scope>test</scope>
             <exclusions>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>servlet-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId></groupId>
+                    <artifactId></artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
     </dependencies>
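Review bot: The added `<exclusion>` has an empty `<groupId></groupId>` and `<artifactId></artifactId>`, so it excludes nothing and looks like an unfinished edit. Maven's model validation is likely to flag the missing coordinates. Either delete the four lines or fill in the artifact that was meant to be excluded. The same `compile` to `test` scope change is made for `jetty-server` in `src/data-loading-booter/pom.xml` and `src/query-booter/pom.xml` without this extra exclusion, which suggests it was not intended here.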
diff --git a/src/core-job/pom.xml b/src/core-job/pom.xml
index b78ebb3699..85abdfc1de 100644
--- a/src/core-job/pom.xml
+++ b/src/core-job/pom.xml
@@ -14,7 +14,9 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>kylin-core-job</artifactId>
     <packaging>jar</packaging>
@@ -90,6 +92,17 @@
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
             <version>${okhttp.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.squareup.okio</groupId>
+                    <artifactId>okio</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okio</groupId>
+            <artifactId>okio</artifactId>
+            <version>${okio.version}</version>
         </dependency>
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
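Review bot: The okio override is done by excluding `com.squareup.okio:okio` from `okhttp` and re-declaring it at `${okio.version}`, and the same pair of blocks is repeated in `src/data-loading-booter/pom.xml` and `src/ops-booter/pom.xml`. Any other module that pulls in okhttp, or another dependency that brings okio transitively, still resolves the old version. None of the root `pom.xml` hunks adds a managed entry for okio. A single `com.squareup.okio:okio` entry at `${okio.version}` in the root `dependencyManagement` would pin the transitive version everywhere and make the per-module exclusions unnecessary. The `okhttp` dependency element starts outside this hunk.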
diff --git a/src/data-loading-booter/pom.xml b/src/data-loading-booter/pom.xml
index e70eed2b71..3c3ff8701b 100644
--- a/src/data-loading-booter/pom.xml
+++ b/src/data-loading-booter/pom.xml
@@ -24,7 +24,7 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
-    <name>Kylin - Data loading Booter</name>
+    <name>Kylin - Data Loading Booter</name>
     <groupId>org.apache.kylin</groupId>
     <artifactId>kylin-data-loading-booter</artifactId>
 
@@ -144,7 +144,7 @@
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
             <version>${jetty.version}</version>
-            <scope>compile</scope>
+            <scope>test</scope>
             <exclusions>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
@@ -210,6 +210,17 @@
                     <groupId>com.squareup.okhttp3</groupId>
                     <artifactId>okhttp</artifactId>
                     <version>${okhttp.version}</version>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>com.squareup.okio</groupId>
+                            <artifactId>okio</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
+                <dependency>
+                    <groupId>com.squareup.okio</groupId>
+                    <artifactId>okio</artifactId>
+                    <version>${okio.version}</version>
                 </dependency>
                 <dependency>
                     <groupId>com.squareup.okhttp3</groupId>
diff --git a/src/ops-booter/pom.xml b/src/ops-booter/pom.xml
index e984bb550f..c8448c45e7 100644
--- a/src/ops-booter/pom.xml
+++ b/src/ops-booter/pom.xml
@@ -81,6 +81,17 @@
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
             <version>${okhttp.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.squareup.okio</groupId>
+                    <artifactId>okio</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okio</groupId>
+            <artifactId>okio</artifactId>
+            <version>${okio.version}</version>
         </dependency>
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
diff --git a/src/query-booter/pom.xml b/src/query-booter/pom.xml
index e6e4fec679..b872d2185e 100644
--- a/src/query-booter/pom.xml
+++ b/src/query-booter/pom.xml
@@ -140,7 +140,7 @@
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
             <version>${jetty.version}</version>
-            <scope>compile</scope>
+            <scope>test</scope>
             <exclusions>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
diff --git a/src/spark-project/kylin-soft-affinity-cache/pom.xml 
b/src/spark-project/kylin-soft-affinity-cache/pom.xml
index cfa824c8ef..60f81f210d 100644
--- a/src/spark-project/kylin-soft-affinity-cache/pom.xml
+++ b/src/spark-project/kylin-soft-affinity-cache/pom.xml
@@ -193,6 +193,34 @@
                 <groupId>org.scalatest</groupId>
                 <artifactId>scalatest-maven-plugin</artifactId>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <minimizeJar>false</minimizeJar>
+                            <artifactSet>
+                                <includes>
+                                    
<include>org.apache.kylin:kylin-core-common</include>
+                                </includes>
+                            </artifactSet>
+                            <filters>
+                                <filter>
+                                    
<artifact>org.apache.kylin:kylin-core-common</artifact>
+                                    <includes>
+                                        
<include>org/apache/kylin/common/util/Unsafe.class</include>
+                                    </includes>
+                                </filter>
+                            </filters>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 </project>
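Review bot: The new `maven-shade-plugin` execution copies `org/apache/kylin/common/util/Unsafe.class` out of `kylin-core-common` into this module's jar without relocation and without a comment explaining why. If `kylin-core-common` is also on the runtime classpath, two copies of the class exist and which one loads depends on classpath order, so a later fix to `Unsafe` may not take effect where this jar comes first. A short comment above the plugin would help, e.g. `<!-- bundle only Unsafe so this jar does not need kylin-core-common at runtime -->`, if that is the intent (inferred, please confirm). The plugin has no `<version>` here; presumably it is managed in the parent POM's `pluginManagement`, which is outside this diff.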
