This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.17 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 8ad8e3b807b24d4bb54b3c67c90071a72dc9460b Author: Lari Hotari <[email protected]> AuthorDate: Wed Nov 13 15:29:25 2024 +0000 Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#4523) * Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 * Upgrade curator to 5.7.1 (cherry picked from commit af8baa18ad9f5d079400f65d8f686a78bf93c393) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 14 +++++++------- bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 14 +++++++------- bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 14 +++++++------- pom.xml | 4 ++-- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index a5f2333a6f..dc075ff335 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -261,9 +261,9 @@ Apache Software License, Version 2. - lib/org.apache.logging.log4j-log4j-slf4j-impl-2.18.0.jar [17] - lib/org.apache.commons-commons-collections4-4.1.jar [19] - lib/org.apache.commons-commons-lang3-3.6.jar [20] -- lib/org.apache.zookeeper-zookeeper-3.8.4.jar [21] -- lib/org.apache.zookeeper-zookeeper-jute-3.8.4.jar [21] -- lib/org.apache.zookeeper-zookeeper-3.8.4-tests.jar [21] +- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21] +- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21] +- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21] - lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22] - lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22] - lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22] @@ -299,9 +299,9 @@ Apache Software License, Version 2. - lib/io.grpc-grpc-util-1.64.0.jar [33] - lib/io.grpc-grpc-xds-1.64.0.jar [33] - lib/io.grpc-grpc-rls-1.64.0.jar[33] -- lib/org.apache.curator-curator-client-5.1.0.jar [34] -- lib/org.apache.curator-curator-framework-5.1.0.jar [34] -- lib/org.apache.curator-curator-recipes-5.1.0.jar [34] +- lib/org.apache.curator-curator-client-5.7.1.jar [34] +- lib/org.apache.curator-curator-framework-5.7.1.jar [34] +- lib/org.apache.curator-curator-recipes-5.7.1.jar [34] - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [36] - lib/org.apache.yetus-audience-annotations-0.12.0.jar [37] - lib/org.jctools-jctools-core-2.1.2.jar [38] @@ -382,7 +382,7 @@ Apache Software License, Version 2. [29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1 [30] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.31.1 [33] Source available at https://github.com/grpc/grpc-java/tree/v1.64.0 -[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.1.0 +[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.7.1 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0 [37] Source available at https://github.com/apache/yetus/tree/rel/0.12.0 [38] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2 diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 325069339a..a908d5de89 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -242,9 +242,9 @@ Apache Software License, Version 2. - lib/org.apache.logging.log4j-log4j-slf4j-impl-2.18.0.jar [16] - lib/org.apache.commons-commons-collections4-4.1.jar [18] - lib/org.apache.commons-commons-lang3-3.6.jar [19] -- lib/org.apache.zookeeper-zookeeper-3.8.4.jar [20] -- lib/org.apache.zookeeper-zookeeper-jute-3.8.4.jar [20] -- lib/org.apache.zookeeper-zookeeper-3.8.4-tests.jar [20] +- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [20] +- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [20] +- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [20] - lib/com.beust-jcommander-1.82.jar [23] - lib/net.jpountz.lz4-lz4-1.3.0.jar [25] - lib/com.google.api.grpc-proto-google-common-protos-2.29.0.jar [27] @@ -270,9 +270,9 @@ Apache Software License, Version 2. - lib/io.grpc-grpc-util-1.64.0.jar [32] - lib/io.grpc-grpc-xds-1.64.0.jar [32] - lib/io.grpc-grpc-rls-1.64.0.jar[32] -- lib/org.apache.curator-curator-client-5.1.0.jar [33] -- lib/org.apache.curator-curator-framework-5.1.0.jar [33] -- lib/org.apache.curator-curator-recipes-5.1.0.jar [33] +- lib/org.apache.curator-curator-client-5.7.1.jar [33] +- lib/org.apache.curator-curator-framework-5.7.1.jar [33] +- lib/org.apache.curator-curator-recipes-5.7.1.jar [33] - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [35] - lib/org.apache.yetus-audience-annotations-0.12.0.jar [36] - lib/org.jctools-jctools-core-2.1.2.jar [37] @@ -315,7 +315,7 @@ Apache Software License, Version 2. [28] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1 [29] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.31.1 [32] Source available at https://github.com/grpc/grpc-java/tree/v1.64.0 -[33] Source available at https://github.com/apache/curator/tree/apache-curator-5.1.0 +[33] Source available at https://github.com/apache/curator/tree/apache-curator-5.7.1 [35] Source available at https://github.com/google/error-prone/tree/v2.9.0 [36] Source available at https://github.com/apache/yetus/tree/rel/0.12.0 [37] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2 diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 2086ac7d32..5de9324be9 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -261,9 +261,9 @@ Apache Software License, Version 2. - lib/org.apache.logging.log4j-log4j-slf4j-impl-2.18.0.jar [17] - lib/org.apache.commons-commons-collections4-4.1.jar [19] - lib/org.apache.commons-commons-lang3-3.6.jar [20] -- lib/org.apache.zookeeper-zookeeper-3.8.4.jar [21] -- lib/org.apache.zookeeper-zookeeper-jute-3.8.4.jar [21] -- lib/org.apache.zookeeper-zookeeper-3.8.4-tests.jar [21] +- lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21] +- lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21] +- lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21] - lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22] - lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22] - lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22] @@ -299,9 +299,9 @@ Apache Software License, Version 2. - lib/io.grpc-grpc-util-1.64.0.jar [33] - lib/io.grpc-grpc-xds-1.64.0.jar [33] - lib/io.grpc-grpc-rls-1.64.0.jar[33] -- lib/org.apache.curator-curator-client-5.1.0.jar [34] -- lib/org.apache.curator-curator-framework-5.1.0.jar [34] -- lib/org.apache.curator-curator-recipes-5.1.0.jar [34] +- lib/org.apache.curator-curator-client-5.7.1.jar [34] +- lib/org.apache.curator-curator-framework-5.7.1.jar [34] +- lib/org.apache.curator-curator-recipes-5.7.1.jar [34] - lib/com.google.errorprone-error_prone_annotations-2.9.0.jar [36] - lib/org.apache.yetus-audience-annotations-0.12.0.jar [37] - lib/org.jctools-jctools-core-2.1.2.jar [38] @@ -378,7 +378,7 @@ Apache Software License, Version 2. [29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1 [30] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.31.1 [33] Source available at https://github.com/grpc/grpc-java/tree/v1.64.0 -[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.1.0 +[34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.7.1 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0 [37] Source available at https://github.com/apache/yetus/tree/rel/0.12.0 [38] Source available at https://github.com/JCTools/JCTools/tree/v2.1.2 diff --git a/pom.xml b/pom.xml index 876b05e437..2714293f6a 100644 --- a/pom.xml +++ b/pom.xml @@ -127,7 +127,7 @@ <commons-lang3.version>3.6</commons-lang3.version> <commons-io.version>2.7</commons-io.version> <bouncycastle.version>1.0.2.4</bouncycastle.version> - <curator.version>5.1.0</curator.version> + <curator.version>5.7.1</curator.version> <dropwizard.version>4.1.12.1</dropwizard.version> <jetcd.version>0.7.7</jetcd.version> <failsafe.version>3.2.2</failsafe.version> @@ -174,7 +174,7 @@ <javax-annotations-api.version>1.3.2</javax-annotations-api.version> <testcontainers.version>1.19.4</testcontainers.version> <vertx.version>4.5.7</vertx.version> - <zookeeper.version>3.8.4</zookeeper.version> + <zookeeper.version>3.9.3</zookeeper.version> <snappy.version>1.1.10.5</snappy.version> <jctools.version>2.1.2</jctools.version> <hppc.version>0.9.1</hppc.version>
