This is an automated email from the ASF dual-hosted git repository. pdallig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push: new bf5c66672a [ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 (#4476) bf5c66672a is described below commit bf5c66672a31e513a2589a1d1355ffbfd420ff42 Author: Guanhua Li <guanhua...@foxmail.com> AuthorDate: Thu Oct 13 20:08:17 2022 +0800 [ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 (#4476) --- bigquery/pom.xml | 1 - influxdb/pom.xml | 3 +-- pom.xml | 2 +- shell/pom.xml | 1 - zeppelin-distribution/src/bin_license/LICENSE | 2 +- .../bin_license/licenses/{LICENSE-gson-2.2 => LICENSE-gson-2.8.9} | 5 ++--- zeppelin-integration/pom.xml | 2 +- 7 files changed, 6 insertions(+), 10 deletions(-) diff --git a/bigquery/pom.xml b/bigquery/pom.xml index c3d0f95ae3..93d6deb849 100644 --- a/bigquery/pom.xml +++ b/bigquery/pom.xml @@ -39,7 +39,6 @@ <!-- library versions --> <bigquery.api.version>v2-rev20190917-1.30.3</bigquery.api.version> - <gson.version>2.8.9</gson.version> <guava.version>24.1.1-jre</guava.version> <interpreter.name>bigquery</interpreter.name> diff --git a/influxdb/pom.xml b/influxdb/pom.xml index cbeec24a23..bc4e9a3852 100644 --- a/influxdb/pom.xml +++ b/influxdb/pom.xml @@ -37,7 +37,6 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <influxdb.client.version>1.7.0</influxdb.client.version> <dependency.okhttp3.version>3.13.1</dependency.okhttp3.version> - <dependency.gson.version>2.8.9</dependency.gson.version> </properties> <dependencies> @@ -49,7 +48,7 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>${dependency.gson.version}</version> + <version>${gson.version}</version> </dependency> <dependency> <groupId>com.squareup.okhttp3</groupId> diff --git a/pom.xml b/pom.xml index 432eeb40d8..362714518d 100644 --- a/pom.xml +++ b/pom.xml 
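Review bot: In influxdb/pom.xml the gson dependency still carries its own `<version>${gson.version}</version>`, so the upgrade reaches only modules that declare gson directly and reference the root property; the same applies to the zeppelin-integration/pom.xml hunk. Whether the root pom also pins gson under `<dependencyManagement>` is not visible in this diff; if it does not, modules that receive gson only transitively may still resolve a release older than 2.8.9 and remain exposed to CVE-2022-25647. I would confirm the resolved version across the build with `mvn dependency:tree -Dincludes=com.google.code.gson:gson`, and once gson is managed centrally drop the per-module `<version>` lines so there is a single place to bump. Both dependency blocks start and end outside their hunks.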
@@ -115,7 +115,7 @@ <log4j.version>1.2.17</log4j.version> <libthrift.version>0.13.0</libthrift.version> <flexmark.all.version>0.62.2</flexmark.all.version> - <gson.version>2.8.6</gson.version> + <gson.version>2.8.9</gson.version> <gson-extras.version>0.2.2</gson-extras.version> <jetty.version>9.4.43.v20210629</jetty.version> <httpcomponents.core.version>4.4.1</httpcomponents.core.version> diff --git a/shell/pom.xml b/shell/pom.xml index dbc048be5e..f4d1343725 100644 --- a/shell/pom.xml +++ b/shell/pom.xml @@ -38,7 +38,6 @@ <pty4j.version>0.9.3</pty4j.version> <jinjava.version>2.4.0</jinjava.version> <guava.version>24.1.1-jre</guava.version> - <gson.version>2.8.9</gson.version> </properties> <!-- pty4j library not in maven central repository (http://repo.maven.apache.org/maven2) --> diff --git a/zeppelin-distribution/src/bin_license/LICENSE b/zeppelin-distribution/src/bin_license/LICENSE index bd52986b8b..7f90d43bdd 100644 --- a/zeppelin-distribution/src/bin_license/LICENSE +++ b/zeppelin-distribution/src/bin_license/LICENSE @@ -1,7 +1,7 @@ The following components are provided under Apache License. (Apache 2.0) nvd3.js v1.7.1 (http://nvd3.org/) - https://github.com/novus/nvd3/blob/v1.7.1/LICENSE.md - (Apache 2.0) gson v2.2 (com.google.code.gson:gson:jar:2.2 - https://github.com/google/gson) - https://github.com/google/gson/blob/gson-2.2/LICENSE + (Apache 2.0) gson v2.8.9 (com.google.code.gson:gson:jar:2.8.9 - https://github.com/google/gson) - https://github.com/google/gson/blob/gson-parent-2.8.9/LICENSE (Apache 2.0) Amazon Web Services SDK for Java v1.11.736 (https://aws.amazon.com/sdk-for-java/) - https://raw.githubusercontent.com/aws/aws-sdk-java/1.11.736/LICENSE.txt (Apache 2.0) JavaEWAH v0.7.9 (https://github.com/lemire/javaewah) - https://github.com/lemire/javaewah/blob/master/LICENSE-2.0.txt (Apache 2.0) Apache Commons Logging (commons-logging:commons-logging:1.1.1 - http://commons.apache.org/proper/commons-logging/) 
diff --git a/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2 b/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.8.9 similarity index 99% rename from zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2 rename to zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.8.9 index 8763058a27..7a4a3ea242 100644 --- a/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2 +++ b/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.8.9 @@ -1,4 +1,3 @@ -Google Gson Apache License Version 2.0, January 2004 @@ -188,7 +187,7 @@ Google Gson same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2008-2011 Google Inc. + Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -200,4 +199,4 @@ Google Gson distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. + limitations under the License. \ No newline at end of file diff --git a/zeppelin-integration/pom.xml b/zeppelin-integration/pom.xml index 9a589a716f..15d9907339 100644 --- a/zeppelin-integration/pom.xml +++ b/zeppelin-integration/pom.xml @@ -51,7 +51,7 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.8.9</version> + <version>${gson.version}</version> </dependency> <dependency> <groupId>com.google.guava</groupId>