This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 1a457bbbab4 [cleanup][build] Remove leftover Maven files and
references (#25406)
1a457bbbab4 is described below
commit 1a457bbbab464417d5a101ddc7d5d75f16484dd4
Author: Matteo Merli <[email protected]>
AuthorDate: Thu Mar 26 23:09:08 2026 -0700
[cleanup][build] Remove leftover Maven files and references (#25406)
---
README.md | 2 +-
dev/README.md | 71 ----
dev/Vagrantfile | 88 -----
distribution/io/src/assemble/io.xml | 83 -----
.../offloaders/src/assemble/offloaders.xml | 54 ---
distribution/server/src/assemble/bin.xml | 136 -------
distribution/shell/src/assemble/shell.xml | 90 -----
...lsar-version-macro.py => get-pulsar-version.sh} | 19 +-
src/owasp-dependency-check-false-positives.xml | 212 -----------
src/owasp-dependency-check-suppressions.xml | 408 ---------------------
src/settings.xml | 37 --
tests/integration/build.gradle.kts | 2 +-
.../integration/containers/PulsarContainer.java | 2 +-
.../k8s/AbstractPulsarStandaloneK8STest.java | 4 +-
.../tests/integration/utils/DockerUtils.java | 4 +-
15 files changed, 11 insertions(+), 1201 deletions(-)
diff --git a/README.md b/README.md
index 273846a88a3..effab0c65fc 100644
--- a/README.md
+++ b/README.md
@@ -246,7 +246,7 @@ After the images are built, they can be tagged and pushed
to your custom reposit
```bash
image_repo_and_project=localhost:32000/apachepulsar
-pulsar_version=$(grep "^pulsar " gradle/libs.versions.toml | sed 's/.*= *"//'
| sed 's/"//')
+pulsar_version=$(src/get-pulsar-version.sh)
gitrev=$(git rev-parse HEAD | colrm 10)
tag="${pulsar_version}-${gitrev}"
echo "Using tag $tag"
diff --git a/dev/README.md b/dev/README.md
deleted file mode 100644
index 374d263b6e2..00000000000
--- a/dev/README.md
+++ /dev/null
@@ -1,71 +0,0 @@
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-
-## Apache Pulsar Dev Tools
-
-### Running Integration Tests on macOS
-
-Currently all the integration tests are docker based and written using
testcontainers framework.
-Due to the networking issues, the integration tests can only be run on linux
environment.
-For people who is using macOS as their development environment, you can use
[Vagrant](https://www.vagrantup.com)
-to launch a linux virtual machine and run the integration tests there.
-
-1. [Download and Install](https://www.vagrantup.com/downloads.html) Vagrant.
-
-2. Provision and launch the dev vm.
-
- ```shell
- $ cd ${PULSAR_HOME}/dev
-
- # provision the vm
- $ vagrant up
- ```
-
-3. The dev vm will try to mount your current pulsar workspace to be under
`/pulsar` in the vm. You might
- potentially hit following errors due to fail to install VirtualBox Guest
additions.
-
- ```
- /sbin/mount.vboxsf: mounting failed with the error: No such device
- ```
-
- If that happens, follow the below instructions:
-
- ```
- $ vagrant plugin install vagrant-vbguest
- $ vagrant destroy && vagrant up
-
- # reload the vm
- $ vagrant reload
- ```
-
-4. Now, you will have a pulsar dev vm ready for running integration tests.
-
- ```shell
- $ vagrant ssh
-
- # once you are in the pulsar dev vm, you can launch docker.
- [vagrant@bogon pulsar]$ sudo systemctl start docker
-
- # your pulsar workspace will be mount under /pulsar
- [vagrant@bogon pulsar]$ cd /pulsar
-
- # you can build and test using maven commands
- ```
diff --git a/dev/Vagrantfile b/dev/Vagrantfile
deleted file mode 100644
index db2b97539ab..00000000000
--- a/dev/Vagrantfile
+++ /dev/null
@@ -1,88 +0,0 @@
-#/**
-# * Licensed to the Apache Software Foundation (ASF) under one
-# * or more contributor license agreements. See the NOTICE file
-# * distributed with this work for additional information
-# * regarding copyright ownership. The ASF licenses this file
-# * to you under the Apache License, Version 2.0 (the
-# * "License"); you may not use this file except in compliance
-# * with the License. You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# */
-
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-# All Vagrant configuration is done below. The "2" in Vagrant.configure
-# configures the configuration version (we support older styles for
-# backwards compatibility). Please don't change it unless you know what
-# you're doing.
-Vagrant.configure("2") do |config|
- # The most common configuration options are documented and commented below.
- # For a complete reference, please see the online documentation at
- # https://docs.vagrantup.com.
-
- # Every Vagrant development environment requires a box. You can search for
- # boxes at https://vagrantcloud.com/search.
- config.vm.box = "centos/7"
-
- # Disable automatic box update checking. If you disable this, then
- # boxes will only be checked for updates when the user runs
- # `vagrant box outdated`. This is not recommended.
- # config.vm.box_check_update = false
-
- # Create a forwarded port mapping which allows access to a specific port
- # within the machine from a port on the host machine. In the example below,
- # accessing "localhost:8080" will access port 80 on the guest machine.
- # NOTE: This will enable public access to the opened port
- # config.vm.network "forwarded_port", guest: 80, host: 8080
-
- # Create a forwarded port mapping which allows access to a specific port
- # within the machine from a port on the host machine and only allow access
- # via 127.0.0.1 to disable public access
- # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip:
"127.0.0.1"
-
- # Create a private network, which allows host-only access to the machine
- # using a specific IP.
- # config.vm.network "private_network", ip: "192.168.33.10"
-
- # Create a public network, which generally matched to bridged network.
- # Bridged networks make the machine appear as another physical device on
- # your network.
- # config.vm.network "public_network"
-
- # Share an additional folder to the guest VM. The first argument is
- # the path on the host to the actual folder. The second argument is
- # the path on the guest to mount the folder. And the optional third
- # argument is a set of non-required options.
- config.vm.synced_folder "..", "/pulsar"
-
- # Provider-specific configuration so you can fine-tune various
- # backing providers for Vagrant. These expose provider-specific options.
- # Example for VirtualBox:
- #
- config.vm.provider "virtualbox" do |vb|
- vb.name = "pulsar_dev_vm"
- vb.memory = "4096"
- end
- #
- # View the documentation for the provider you are using for more
- # information on available options.
-
- # Enable provisioning with a shell script. Additional provisioners such as
- # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
- # documentation for more information about their specific syntax and use.
- config.vm.provision "shell", inline: <<-SHELL
- yum update -y
- yum install -y kernel-devel
- yum install -y kernel-headers
- yum install -y unzip zip
- yum install -y wget vim java-1.8.0-openjdk-devel maven docker gcc-c++
- SHELL
-end
diff --git a/distribution/io/src/assemble/io.xml
b/distribution/io/src/assemble/io.xml
deleted file mode 100644
index 3e4ed50d939..00000000000
--- a/distribution/io/src/assemble/io.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.1.0";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.1.0
http://maven.apache.org/xsd/assembly-2.1.0.xsd";>
- <id>bin</id>
- <formats>
- <format>dir</format>
- </formats>
- <includeBaseDirectory>false</includeBaseDirectory>
- <files>
- <file>
- <source>${basedir}/../../LICENSE</source>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
- <source>${basedir}/src/assemble/README</source>
- <destName>README</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
-
- <!-- Include all connectors.
- There doesn't seem to be a straight way to automatically
- include all nars and place them in a single directory.
- -->
-
-
<file><source>${basedir}/../../pulsar-io/cassandra/target/pulsar-io-cassandra-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/kafka/target/pulsar-io-kafka-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/http/target/pulsar-io-http-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/kinesis/target/pulsar-io-kinesis-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/rabbitmq/target/pulsar-io-rabbitmq-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/nsq/target/pulsar-io-nsq-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/jdbc/sqlite/target/pulsar-io-jdbc-sqlite-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/jdbc/mariadb/target/pulsar-io-jdbc-mariadb-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/jdbc/clickhouse/target/pulsar-io-jdbc-clickhouse-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/jdbc/postgres/target/pulsar-io-jdbc-postgres-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/jdbc/openmldb/target/pulsar-io-jdbc-openmldb-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/data-generator/target/pulsar-io-data-generator-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/batch-data-generator/target/pulsar-io-batch-data-generator-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/aerospike/target/pulsar-io-aerospike-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/elastic-search/target/pulsar-io-elastic-search-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/kafka-connect-adaptor-nar/target/pulsar-io-kafka-connect-adaptor-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/hbase/target/pulsar-io-hbase-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/kinesis/target/pulsar-io-kinesis-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/hdfs3/target/pulsar-io-hdfs3-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/file/target/pulsar-io-file-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/data-generator/target/pulsar-io-data-generator-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/canal/target/pulsar-io-canal-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/netty/target/pulsar-io-netty-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/mongo/target/pulsar-io-mongo-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/debezium/mysql/target/pulsar-io-debezium-mysql-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/debezium/postgres/target/pulsar-io-debezium-postgres-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/debezium/oracle/target/pulsar-io-debezium-oracle-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/debezium/mssql/target/pulsar-io-debezium-mssql-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/debezium/mongodb/target/pulsar-io-debezium-mongodb-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/influxdb/target/pulsar-io-influxdb-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/redis/target/pulsar-io-redis-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/solr/target/pulsar-io-solr-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/dynamodb/target/pulsar-io-dynamodb-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/alluxio/target/pulsar-io-alluxio-${project.version}.nar</source></file>
-
<file><source>${basedir}/../../pulsar-io/azure-data-explorer/target/pulsar-io-azuredataexplorer-${project.version}.nar</source></file>
- </files>
-</assembly>
diff --git a/distribution/offloaders/src/assemble/offloaders.xml
b/distribution/offloaders/src/assemble/offloaders.xml
deleted file mode 100644
index 38f7eee9060..00000000000
--- a/distribution/offloaders/src/assemble/offloaders.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.1.0";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.1.0
http://maven.apache.org/xsd/assembly-2.1.0.xsd";>
- <id>bin</id>
- <formats>
- <format>tar.gz</format>
- </formats>
- <includeBaseDirectory>true</includeBaseDirectory>
- <files>
- <file>
- <source>${basedir}/../../LICENSE</source>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
- <source>${basedir}/src/assemble/README</source>
- <destName>README</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
-
- <file>
-
<source>${basedir}/../../tiered-storage/jcloud/target/tiered-storage-jcloud-${project.version}.nar</source>
- <outputDirectory>offloaders</outputDirectory>
- <fileMode>644</fileMode>
- </file>
-
- <file>
-
<source>${basedir}/../../tiered-storage/file-system/target/tiered-storage-file-system-${project.version}.nar</source>
- <outputDirectory>offloaders</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- </files>
-</assembly>
diff --git a/distribution/server/src/assemble/bin.xml
b/distribution/server/src/assemble/bin.xml
deleted file mode 100644
index ea359c97363..00000000000
--- a/distribution/server/src/assemble/bin.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.1.0";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.1.0
http://maven.apache.org/xsd/assembly-2.1.0.xsd";>
- <id>bin</id>
- <formats>
- <format>tar.gz</format>
- </formats>
- <includeBaseDirectory>true</includeBaseDirectory>
- <moduleSets>
- <moduleSet>
- <useAllReactorProjects>true</useAllReactorProjects>
- </moduleSet>
- </moduleSets>
- <fileSets>
- <fileSet>
- <directory>${basedir}/../../conf</directory>
- <lineEnding>unix</lineEnding>
- </fileSet>
- <fileSet>
- <directory>${basedir}/../../bin</directory>
- <lineEnding>unix</lineEnding>
- <fileMode>755</fileMode>
- </fileSet>
- <fileSet>
- <directory>${basedir}/licenses</directory>
- </fileSet>
- <!-- created `instances/deps` directory -->
- <fileSet>
- <directory>.</directory>
- <outputDirectory>instances/deps</outputDirectory>
- <excludes>
- <exclude>*/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
-
<directory>${basedir}/../../pulsar-functions/instance/target/python-instance</directory>
- <outputDirectory>instances/python-instance</outputDirectory>
- </fileSet>
- <fileSet>
- <directory>${basedir}/../../pulsar-functions/python-examples</directory>
- <outputDirectory>examples/python-examples</outputDirectory>
- </fileSet>
- </fileSets>
- <files>
- <file>
- <source>${basedir}/src/assemble/README.bin.txt</source>
- <destName>README</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
- <source>${basedir}/src/assemble/LICENSE.bin.txt</source>
- <destName>LICENSE</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
- <source>${basedir}/src/assemble/NOTICE.bin.txt</source>
- <destName>NOTICE</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
-
<source>${basedir}/../../pulsar-functions/runtime-all/target/java-instance.jar</source>
- <destName>java-instance.jar</destName>
- <outputDirectory>instances</outputDirectory>
- </file>
- <file>
-
<source>${basedir}/../../pulsar-functions/java-examples/target/pulsar-functions-api-examples.jar</source>
- <destName>api-examples.jar</destName>
- <outputDirectory>examples</outputDirectory>
- </file>
- <file>
-
<source>${basedir}/../../pulsar-functions/java-examples/src/main/resources/example-function-config.yaml</source>
- <destName>example-function-config.yaml</destName>
- <outputDirectory>examples</outputDirectory>
- </file>
- <file>
-
<source>${basedir}/../../pulsar-functions/java-examples/src/main/resources/example-window-function-config.yaml</source>
- <destName>example-window-function-config.yaml</destName>
- <outputDirectory>examples</outputDirectory>
- </file>
- <file>
-
<source>${basedir}/../../pulsar-functions/java-examples/src/main/resources/example-stateful-function-config.yaml</source>
- <destName>example-stateful-function-config.yaml</destName>
- <outputDirectory>examples</outputDirectory>
- </file>
- </files>
- <dependencySets>
- <dependencySet>
- <outputDirectory>lib</outputDirectory>
- <unpack>false</unpack>
- <scope>runtime</scope>
- <useProjectArtifact>false</useProjectArtifact>
- <!-- Include 'groupId' in the dependencies Jar names to better identify
- the provenance of the jar -->
-
<outputFileNameMapping>${artifact.groupId}-${artifact.artifactId}-${artifact.version}${dashClassifier?}.${artifact.extension}</outputFileNameMapping>
-
- <excludes>
- <exclude>org.apache.pulsar:pulsar-functions-runtime-all</exclude>
-
- <!-- prevent adding pulsar-functions-api-examples in lib -->
- <exclude>org.apache.pulsar:pulsar-functions-api-examples</exclude>
- <!-- prevent adding any distribution .tar.gz files in lib -->
- <exclude>*:tar.gz</exclude>
- <!-- prevent adding annotation libraries -->
- <exclude>org.codehaus.mojo:animal-sniffer-annotations</exclude>
- <exclude>com.google.android:annotations</exclude>
- <!-- Needed only in the pulsar-shell distro only -->
- <exclude>net.java.dev.jna:jna</exclude>
- <!-- Exclude org.apache.zookeeper:zookeeper since the patched version
is included in the distribution -->
- <exclude>org.apache.zookeeper:zookeeper</exclude>
- </excludes>
- </dependencySet>
- </dependencySets>
-</assembly>
diff --git a/distribution/shell/src/assemble/shell.xml
b/distribution/shell/src/assemble/shell.xml
deleted file mode 100644
index f823e0258b2..00000000000
--- a/distribution/shell/src/assemble/shell.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.1.0";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.1.0
http://maven.apache.org/xsd/assembly-2.1.0.xsd";>
- <id>bin</id>
- <formats>
- <format>tar.gz</format>
- <format>zip</format>
- </formats>
- <includeBaseDirectory>true</includeBaseDirectory>
- <files>
- <file>
- <source>${basedir}/src/assemble/LICENSE.bin.txt</source>
- <destName>LICENSE</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
- <source>${basedir}/src/assemble/NOTICE.bin.txt</source>
- <destName>NOTICE</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
- <file>
- <source>${basedir}/src/assemble/README</source>
- <destName>README</destName>
- <outputDirectory>.</outputDirectory>
- <fileMode>644</fileMode>
- </file>
-
- <file>
- <outputDirectory>bin</outputDirectory>
- <source>${basedir}/../../bin/pulsar-admin-common.sh</source>
- <fileMode>755</fileMode>
- </file>
- <file>
- <outputDirectory>bin</outputDirectory>
- <source>${basedir}/../../bin/pulsar-shell</source>
- <fileMode>755</fileMode>
- </file>
- <file>
- <outputDirectory>bin</outputDirectory>
- <source>${basedir}/../../bin/pulsar-admin-common.cmd</source>
- <fileMode>755</fileMode>
- </file>
- <file>
- <outputDirectory>bin</outputDirectory>
- <source>${basedir}/../../bin/pulsar-shell.cmd</source>
- <fileMode>755</fileMode>
- </file>
- <file>
- <outputDirectory>conf</outputDirectory>
- <source>${basedir}/../../conf/client.conf</source>
- </file>
- <file>
- <outputDirectory>conf</outputDirectory>
- <source>${basedir}/../../conf/log4j2.yaml</source>
- </file>
- </files>
-
- <dependencySets>
- <dependencySet>
- <outputDirectory>lib</outputDirectory>
- <unpack>false</unpack>
- <scope>compile</scope>
- <excludes>
- <exclude>org.projectlombok:lombok</exclude>
- </excludes>
- </dependencySet>
- </dependencySets>
-</assembly>
diff --git a/src/gen-pulsar-version-macro.py b/src/get-pulsar-version.sh
similarity index 60%
rename from src/gen-pulsar-version-macro.py
rename to src/get-pulsar-version.sh
index 85fb637d670..7bcb37855d1 100755
--- a/src/gen-pulsar-version-macro.py
+++ b/src/get-pulsar-version.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -18,18 +18,7 @@
# under the License.
#
-import xml.etree.ElementTree as ET
-import re
-from os.path import dirname, realpath, join
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+TOP_LEVEL_DIR="$(dirname "$SCRIPT_DIR")"
-# Derive the POM path from the current script location
-TOP_LEVEL_PATH = dirname(dirname(realpath(__file__)))
-POM_PATH = join(TOP_LEVEL_PATH, 'pom.xml')
-
-root = ET.XML(open(POM_PATH).read())
-m = re.search(r'^(\d+)\.(\d+)\.(\d+)',
root.find('{http://maven.apache.org/POM/4.0.0}version').text)
-
-version_macro = 0
-for i in range(3):
- version_macro += int(m.group(3 - i)) * (1000 ** i)
-print(version_macro)
+grep "^pulsar " "$TOP_LEVEL_DIR/gradle/libs.versions.toml" | sed 's/.*= *"//'
| sed 's/"//'
diff --git a/src/owasp-dependency-check-false-positives.xml
b/src/owasp-dependency-check-false-positives.xml
deleted file mode 100644
index 5abcae4efd5..00000000000
--- a/src/owasp-dependency-check-false-positives.xml
+++ /dev/null
@@ -1,212 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd";>
- <!-- add supressions for false-positives detected by OWASP Dependency Check
-->
- <suppress>
- <notes>
- apache:http_server is not used.
- </notes>
- <cpe>cpe:/a:apache:http_server</cpe>
- </suppress>
- <suppress>
- <notes>
- apache:apache_http_server is not used.
- </notes>
- <cpe>cpe:/a:apache:apache_http_server</cpe>
- </suppress>
- <suppress>
- <notes>pulsar-package-bookkeeper-storage gets mixed with
bookkeeper.</notes>
- <gav regex="true">org\.apache\.pulsar:.*</gav>
- <cpe>cpe:/a:apache:bookkeeper</cpe>
- </suppress>
- <suppress>
- <notes>kubernetes client doesn't contain CVE-2020-8554</notes>
- <gav regex="true">io\.kubernetes:.*</gav>
- <cve>CVE-2020-8554</cve>
- </suppress>
- <suppress>
- <notes>avro doesn't contain CVE-2019-17195</notes>
- <gav regex="true">org\.apache\.avro:.*</gav>
- <cve>CVE-2019-17195</cve>
- </suppress>
- <suppress>
- <notes>CVE-2021-43045 affects only .NET distro, see
https://github.com/apache/avro/pull/1357</notes>
- <gav regex="true">org\.apache\.avro:.*</gav>
- <cve>CVE-2021-43045</cve>
- </suppress>
- <suppress base="true">
- <notes><![CDATA[
- FP per #3889
- ]]></notes>
- <packageUrl
regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
- <cpe>cpe:/a:netty:netty</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: netty-tcnative-boringssl-static-2.0.56.Final-osx-aarch_64.jar
- ]]></notes>
- <packageUrl
regex="true">^pkg:maven/io\.netty/netty\-tcnative\-boringssl\-static@.*$</packageUrl>
- <cpe>cpe:/a:chromium_project:chromium</cpe>
- </suppress>
- <suppress>
-<!-- Zookkeeper false positive about Jetty and commons-io-->
-<!-- https://github.com/apache/zookeeper/pull/1824-->
- <notes><![CDATA[
- file name: zookeeper-3.8.0.jar
- ]]></notes>
- <sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
- <cve>CVE-2021-28164</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-3.8.0.jar
- ]]></notes>
- <sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
- <cve>CVE-2021-29425</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-3.8.0.jar
- ]]></notes>
- <sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
- <cve>CVE-2021-34429</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-prometheus-metrics-3.8.0.jar
- ]]></notes>
- <sha1>849e8ece2845cb0185d721233906d487a7f1e4cf</sha1>
- <cve>CVE-2021-28164</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-prometheus-metrics-3.8.0.jar
- ]]></notes>
- <sha1>849e8ece2845cb0185d721233906d487a7f1e4cf</sha1>
- <cve>CVE-2021-29425</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-prometheus-metrics-3.8.0.jar
- ]]></notes>
- <sha1>849e8ece2845cb0185d721233906d487a7f1e4cf</sha1>
- <cve>CVE-2021-34429</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-jute-3.8.0.jar
- ]]></notes>
- <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
- <cve>CVE-2021-28164</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-jute-3.8.0.jar
- ]]></notes>
- <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
- <cve>CVE-2021-29425</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: zookeeper-jute-3.8.0.jar
- ]]></notes>
- <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
- <cve>CVE-2021-34429</cve>
- </suppress>
-
- <!-- CVE-2021-23214 is about PostGre server -->
- <suppress>
- <notes><![CDATA[
- file name: debezium-connector-postgres-1.7.2.Final.jar
- ]]></notes>
- <sha1>69c1edfa7d89531af511fcd07e8516fa450f746a</sha1>
- <cve>CVE-2021-23214</cve>
- </suppress>
-
-
-<!-- MariaDB client is being confused with MariaDB server-->
- <suppress>
- <notes><![CDATA[
- file name: mariadb-java-client-2.7.5.jar
- ]]></notes>
- <sha1>9dd29797ecabe7d2e7fa892ec6713a5552cfcc59</sha1>
- <cve>CVE-2022-27376</cve>
- <cve>CVE-2022-27377</cve>
- <cve>CVE-2022-27378</cve>
- <cve>CVE-2022-27379</cve>
- <cve>CVE-2022-27380</cve>
- <cve>CVE-2022-27381</cve>
- <cve>CVE-2022-27382</cve>
- <cve>CVE-2022-27383</cve>
- <cve>CVE-2022-27384</cve>
- <cve>CVE-2022-27385</cve>
- <cve>CVE-2022-27386</cve>
- <cve>CVE-2022-27387</cve>
- </suppress>
-
- <!-- google-http-client-gson getting confused with gson-->
- <suppress>
- <notes><![CDATA[
- file name: google-http-client-gson-1.41.0.jar
- ]]></notes>
- <sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
- <cve>CVE-2022-25647</cve>
- </suppress>
-
- <suppress>
- <notes>commons-net is not used at all and therefore commons-net
vulnerability CVE-2021-37533 is a false positive.</notes>
- <cve>CVE-2021-37533</cve>
- </suppress>
-
- <suppress>
- <notes>fredsmith utils library is not used at all. CVE-2021-4277 is a
false positive.</notes>
- <cve>CVE-2021-4277</cve>
- </suppress>
-
- <suppress>
- <notes>It treat pulsar-io-kafka-connect-adaptor as a lib of Kafka,
CVE-2021-25194 is a false positive.</notes>
- <cve>CVE-2023-25194</cve>
- </suppress>
-
- <suppress>
- <notes>It treat pulsar-io-kafka-connect-adaptor as a lib of Kafka,
CVE-2021-34917 is a false positive.</notes>
- <cve>CVE-2022-34917</cve>
- </suppress>
-
- <suppress>
- <notes>yaml_project is not used at all. Any CVEs reported for yaml_project
are false positives.</notes>
- <cpe>cpe:/a:yaml_project:yaml</cpe>
- </suppress>
-
- <suppress>
- <notes>flat_project is not used at all.</notes>
- <cpe>cpe:/a:flat_project:flat</cpe>
- </suppress>
-
- <suppress>
- <notes><![CDATA[
- CVE-2023-36479 has been addressed in jetty-servlets-9.4.53.v20231009.jar
and newer
- ]]></notes>
- <packageUrl
regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@.*$</packageUrl>
- <cve>CVE-2023-36479</cve>
- </suppress>
-</suppressions>
\ No newline at end of file
diff --git a/src/owasp-dependency-check-suppressions.xml
b/src/owasp-dependency-check-suppressions.xml
deleted file mode 100644
index 977e6514cfd..00000000000
--- a/src/owasp-dependency-check-suppressions.xml
+++ /dev/null
@@ -1,408 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd";>
- <!-- add supressions for known vulnerabilities detected by OWASP
Dependency Check -->
- <suppress>
- <notes>Ignore netty CVEs in GRPC shaded Netty.</notes>
- <filePath regex="true">.*grpc-netty-shaded.*</filePath>
- <cpe>cpe:/a:netty:netty</cpe>
- </suppress>
- <suppress>
- <notes>Suppress libthrift-0.12.0.jar vulnerabilities</notes>
- <gav>org.apache.thrift:libthrift:0.12.0</gav>
- <vulnerabilityName regex="true">.*</vulnerabilityName>
- </suppress>
-
- <!-- influxdb dependencies -->
- <suppress>
- <notes><![CDATA[
- file name: msgpack-core-0.9.0.jar
- ]]></notes>
- <sha1>87d9ce0b22de48428fa32bb8ad476e18b6969548</sha1>
- <cve>CVE-2022-41719</cve>
- </suppress>
-
- <!-- see https://github.com/apache/pulsar/pull/16110 -->
- <suppress>
- <notes><![CDATA[
- file name: elasticsearch-java-8.1.0.jar
- CVE-2022-23712 is only related to Elastic server.
- ]]></notes>
- <sha1>edf5be04cbc2eafc51540ba33f9536e788b9d60b</sha1>
- <cve>CVE-2022-23712</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: elasticsearch-rest-client-8.1.0.jar
- CVE-2022-23712 is only related to Elastic server.
- ]]></notes>
- <sha1>10e7aa09f10955a074c0a574cb699344d2745df1</sha1>
- <cve>CVE-2022-23712</cve>
- </suppress>
-
- <!-- see https://github.com/apache/pulsar/pull/14629 -->
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-common-1.4.32.jar
- ]]></notes>
- <sha1>ef50bfa2c0491a11dcc35d9822edbfd6170e1ea2</sha1>
- <cpe>cpe:/a:jetbrains:kotlin</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-jdk7-1.4.32.jar
- ]]></notes>
- <sha1>3546900a3ebff0c43f31190baf87a9220e37b7ea</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-jdk8-1.4.32.jar
- ]]></notes>
- <sha1>3302f9ec8a5c1ed220781dbd37770072549bd333</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-1.4.32.jar
- ]]></notes>
- <sha1>461367948840adbb0839c51d91ed74ef4a9ccb52</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
-
- <!-- see https://github.com/alibaba/canal/issues/4010 -->
- <suppress>
- <notes><![CDATA[
- file name: canal.client-1.1.5.jar (shaded: com.google.guava:guava:22.0)
- ]]></notes>
- <sha1>b87878db57d5cfc2ca7d3972cc8f7486bf02fbca</sha1>
- <cve>CVE-2018-10237</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: canal.client-1.1.5.jar (shaded: com.google.guava:guava:22.0)
- ]]></notes>
- <sha1>b87878db57d5cfc2ca7d3972cc8f7486bf02fbca</sha1>
- <cve>CVE-2020-8908</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: canal.client-1.1.5.jar (shaded: com.google.guava:guava:32.1.1)
- CVE cannot take effect.
- Already covered by PR https://github.com/apache/pulsar/pull/20699
- ]]></notes>
- <sha1>b87878db57d5cfc2ca7d3972cc8f7486bf02fbca</sha1>
- <cve>CVE-2023-2976</cve>
- </suppress>
- <!-- clickhouse: security scan matches client lib to the server CVEs -->
- <suppress>
- <notes><![CDATA[
- file name: avro-1.10.2.jar
- ]]></notes>
- <sha1>a65aaa91c1aeceb3dd4859dbb9765d1c2063f5a2</sha1>
- <cve>CVE-2021-43045</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2018-14668</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2018-14669</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2018-14670</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2018-14671</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2018-14672</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2019-15024</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2019-16535</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2019-18657</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.3.2.jar
- ]]></notes>
- <sha1>fa9a1ccda7d78edb51a3a33d3493566092786a30</sha1>
- <cve>CVE-2021-25263</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: clickhouse-jdbc-0.4.6-all.jar (shaded:
com.google.guava:guava:32.1.1)
- CVE cannot take effect.
- Already covered by PR https://github.com/apache/pulsar/pull/20699
- ]]></notes>
- <sha1>d3b929509399a698915b24ff47db781d0c526760</sha1>
- <cve>CVE-2023-2976</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: logback-core-1.1.3.jar
- ]]></notes>
- <sha1>e3c02049f2dbbc764681b40094ecf0dcbc99b157</sha1>
- <cpe>cpe:/a:qos:logback</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: rocketmq-acl-4.5.2.jar
- ]]></notes>
- <sha1>0e2bd9c162280cd79c2ea0f67f174ee5d7b84ddd</sha1>
- <cpe>cpe:/a:apache:rocketmq</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[Ignored since we are not vulnerable]]></notes>
- <packageUrl
regex="true">^pkg:maven/org\.springframework/spring.*$</packageUrl>
- <cve>CVE-2016-1000027</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: logback-classic-1.1.3.jar
- ]]></notes>
- <sha1>d90276fff414f06cb375f2057f6778cd63c6082f</sha1>
- <cpe>cpe:/a:qos:logback</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: logback-core-1.1.3.jar
- ]]></notes>
- <sha1>e3c02049f2dbbc764681b40094ecf0dcbc99b157</sha1>
- <vulnerabilityName>CVE-2017-5929</vulnerabilityName>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: logback-classic-1.1.3.jar
- ]]></notes>
- <sha1>d90276fff414f06cb375f2057f6778cd63c6082f</sha1>
- <cve>CVE-2017-5929</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: logback-classic-1.1.3.jar
- ]]></notes>
- <sha1>d90276fff414f06cb375f2057f6778cd63c6082f</sha1>
- <cve>CVE-2021-42550</cve>
- </suppress>
-
- <!-- bouncycastle misdetections -->
- <suppress>
- <notes><![CDATA[
- file name: bc-fips-1.0.2.jar
- ]]></notes>
- <sha1>4fb5db5f03d00f6a94e43b78d097978190e4abb2</sha1>
- <cve>CVE-2020-26939</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: bcpkix-fips-1.0.2.jar
- ]]></notes>
- <sha1>543bc7a08cdba0172e95e536b5f7ca61f021253d</sha1>
- <cve>CVE-2020-15522</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: bcpkix-fips-1.0.2.jar
- ]]></notes>
- <sha1>543bc7a08cdba0172e95e536b5f7ca61f021253d</sha1>
- <cve>CVE-2020-26939</cve>
- </suppress>
-
- <!-- jclouds/openswift misdetections -->
- <suppress>
- <notes><![CDATA[
- file name: openstack-swift-2.5.0.jar
- ]]></notes>
- <sha1>d99d0eab2e01d69d8a326fc152427fbd759af88a</sha1>
- <cve>CVE-2016-0738</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-swift-2.5.0.jar
- ]]></notes>
- <sha1>d99d0eab2e01d69d8a326fc152427fbd759af88a</sha1>
- <cve>CVE-2017-16613</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2018-14432</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2018-20170</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2020-12689</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2020-12690</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2020-12691</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2020-12692</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: openstack-keystone-2.5.0.jar
- ]]></notes>
- <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
- <cve>CVE-2021-3563</cve>
- </suppress>
-
- <!-- Solr misdetection.
- Cannot be tied to a sha1,
- mismatches org.apache.pulsar:pulsar-io-solr:2.10.0-SNAPSHOT
- -->
- <suppress>
- <notes><![CDATA[
- file name: org.apache.pulsar:pulsar-io-solr:2.10.0-SNAPSHOT
- ]]></notes>
- <packageUrl
regex="true">^pkg:maven/org\.apache\.pulsar/pulsar\-io\-solr@.*-SNAPSHOT$</packageUrl>
- <cpe>cpe:/a:apache:pulsar</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: org.apache.pulsar:pulsar-io-solr:2.10.0-SNAPSHOT
- ]]></notes>
- <packageUrl
regex="true">^pkg:maven/org\.apache\.pulsar/pulsar\-io\-solr@.*-SNAPSHOT$</packageUrl>
- <cpe>cpe:/a:apache:solr</cpe>
- </suppress>
-
- <suppress>
- <notes><![CDATA[
- file name: protostream-types-4.4.1.Final.jar
- ]]></notes>
- <sha1>29b45ebea1e4ce62ab3ec5eb76fa9771f98941b0</sha1>
- <cve>CVE-2016-0750</cve>
- <cve>CVE-2017-15089</cve>
- <cve>CVE-2017-2638</cve>
- <cve>CVE-2019-10158</cve>
- <cve>CVE-2019-10174</cve>
- <cve>CVE-2020-25711</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: mariadb-java-client-2.7.5.jar
- ]]></notes>
- <sha1>9dd29797ecabe7d2e7fa892ec6713a5552cfcc59</sha1>
- <cve>CVE-2020-28912</cve>
- <cve>CVE-2021-46669</cve>
- <cve>CVE-2021-46666</cve>
- <cve>CVE-2021-46667</cve>
- </suppress>
- <!-- only affects the server -->
- <suppress>
- <notes><![CDATA[
- file name: cassandra-driver-core-3.11.2.jar
- ]]></notes>
- <sha1>e0aad9f8611e710b9a0ce49747f7465ce07d8404</sha1>
- <cve>CVE-2020-17516</cve>
- <cve>CVE-2021-44521</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- The vulnerable method is deprecated in Guava, but isn't removed. It's
necessary to suppress this CVE.
- See https://github.com/google/guava/issues/4011
- ]]></notes>
- <cve>CVE-2020-8908</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- This is a false positive in jackson-databind.
- See
https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1596604021
- ]]></notes>
- <cve>CVE-2023-35116</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- This is a false positive in avro-protobuf. The vulnerability is in Hamba
avro golang library.
- ]]></notes>
- <cve>CVE-2023-37475</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- This CVE can be suppressed since it is covered in Pulsar by hostname
verification changes made in https://github.com/apache/pulsar/pull/15824.
- ]]></notes>
- <cve>CVE-2023-4586</cve>
- </suppress>
-</suppressions>
diff --git a/src/settings.xml b/src/settings.xml
deleted file mode 100644
index b27c9356340..00000000000
--- a/src/settings.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<settings>
- <servers>
- <!-- To publish a snapshot of some part of Maven -->
- <server>
- <id>apache.snapshots.https</id>
- <username>${env.APACHE_USER}</username>
- <password>${env.APACHE_PASSWORD}</password>
- </server>
-
- <!-- To stage a release of some part of Maven -->
- <server>
- <id>apache.releases.https</id>
- <username>${env.APACHE_USER}</username>
- <password>${env.APACHE_PASSWORD}</password>
- </server>
- </servers>
-</settings>
diff --git a/tests/integration/build.gradle.kts
b/tests/integration/build.gradle.kts
index fc609cf1fe9..c1d87f91ab1 100644
--- a/tests/integration/build.gradle.kts
+++ b/tests/integration/build.gradle.kts
@@ -114,7 +114,7 @@ val integrationTest by tasks.registering(Test::class) {
}
systemProperty("currentVersion", project.version.toString())
- systemProperty("maven.buildDirectory",
layout.buildDirectory.get().asFile.absolutePath)
+ systemProperty("buildDirectory",
layout.buildDirectory.get().asFile.absolutePath)
systemProperty("kafka.version", kafkaVersion)
systemProperty("debezium.version", debeziumVersion)
diff --git
a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/PulsarContainer.java
b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/PulsarContainer.java
index e051211f645..62dacdb27fd 100644
---
a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/PulsarContainer.java
+++
b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/PulsarContainer.java
@@ -392,7 +392,7 @@ public abstract class PulsarContainer<SelfT extends
PulsarContainer<SelfT>> exte
sb.append("-agentpath:/opt/async-profiler/lib/libasyncProfiler.so=start,");
sb.append(System.getProperty("inttest.asyncprofiler.opts",
"event=cpu,lock=1ms,alloc=2m,jfrsync=profile"));
sb.append(",file=/profiles/inttest_profile_").append(System.getProperty("git.commit.id.abbrev",
""));
- sb.append("_").append(System.getProperty("maven.build.timestamp",
"").replace(' ', '_'));
+ sb.append("_").append(System.getProperty("build.timestamp",
"").replace(' ', '_'));
sb.append("_").append(getContainerName());
sb.append("_").append("%p.").append(System.getProperty("inttest.asyncprofiler.outputformat",
"jfr"));
initializePulsarExtraOpts();
diff --git
a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/k8s/AbstractPulsarStandaloneK8STest.java
b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/k8s/AbstractPulsarStandaloneK8STest.java
index 1c4f2503abc..8f77fdd12b3 100644
---
a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/k8s/AbstractPulsarStandaloneK8STest.java
+++
b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/k8s/AbstractPulsarStandaloneK8STest.java
@@ -169,9 +169,9 @@ public abstract class AbstractPulsarStandaloneK8STest {
}
private File getTargetDirectoryForLogs() {
- String base = System.getProperty("maven.buildDirectory");
+ String base = System.getProperty("buildDirectory");
if (base == null) {
- base = "target";
+ base = "build";
}
// use the container-logs directory since it's used in CI for
integration tests as the file location
File directory = new File(new File(base, "container-logs"),
diff --git
a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/utils/DockerUtils.java
b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/utils/DockerUtils.java
index 5b518425df5..fde3463498c 100644
---
a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/utils/DockerUtils.java
+++
b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/utils/DockerUtils.java
@@ -58,9 +58,9 @@ public class DockerUtils {
private static final Logger LOG =
LoggerFactory.getLogger(DockerUtils.class);
private static File getTargetDirectory(String containerId) {
- String base = System.getProperty("maven.buildDirectory");
+ String base = System.getProperty("buildDirectory");
if (base == null) {
- base = "target";
+ base = "build";
}
File directory = new File(base + "/container-logs/" + containerId);
if (!directory.exists() && !directory.mkdirs()) {
