massakam opened a new pull request #4056: [client] Upgrade athenz libraries
URL: https://github.com/apache/pulsar/pull/4056

### Motivation

The version of Athenz libraries that Pulsar is using now is 1.7.17, which is a little old. Athenz v1.7.17 has a dependency on a library with a security vulnerability (i.e. jackson-databind-2.5.4).

```
[INFO] +- org.apache.pulsar:pulsar-client-auth-athenz:jar:2.3.1:compile
[INFO] |  \- com.yahoo.athenz:athenz-zts-java-client:jar:1.7.17:compile
[INFO] |     +- com.yahoo.athenz:athenz-zts-core:jar:1.7.17:compile
[INFO] |     |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.5.4:compile
[INFO] |     |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.5.4:compile
[INFO] |     +- com.yahoo.athenz:athenz-client-common:jar:1.7.17:compile
[INFO] |     |  \- com.yahoo.athenz:athenz-zms-core:jar:1.7.17:compile
[INFO] |     +- com.yahoo.athenz:athenz-auth-core:jar:1.7.17:compile
[INFO] |     |  \- org.kohsuke:libpam4j:jar:1.6:compile
[INFO] |     |     \- net.java.dev.jna:jna:jar:3.4.0:compile
[INFO] |     \- com.yahoo.rdl:rdl-java:jar:1.4.13:compile
[INFO] |        \- com.fasterxml.jackson.core:jackson-core:jar:2.3.2:compile
```

### Modifications

Upgraded the Athenz libraries to 1.8.17.

### Verifying this change

- [ ] Make sure that the change passes the CI checks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services
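The pull request's motivation rests on reading a `dependency:tree` listing to see which dependency drags in the old jackson-databind. The sketch below is an added example, not code from the pull request or from Pulsar: it walks that listing and returns the chain to every copy of an artifact older than a caller-supplied floor. The function names and the `2.6.0` floor are assumptions for illustration, and the tree is the one quoted above with Maven's indentation.

```python
import re

# dependency:tree output quoted in the pull request (Maven indents 3 columns per level)
TREE = r"""
[INFO] +- org.apache.pulsar:pulsar-client-auth-athenz:jar:2.3.1:compile
[INFO] |  \- com.yahoo.athenz:athenz-zts-java-client:jar:1.7.17:compile
[INFO] |     +- com.yahoo.athenz:athenz-zts-core:jar:1.7.17:compile
[INFO] |     |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.5.4:compile
[INFO] |     |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.5.4:compile
[INFO] |     +- com.yahoo.athenz:athenz-client-common:jar:1.7.17:compile
[INFO] |     |  \- com.yahoo.athenz:athenz-zms-core:jar:1.7.17:compile
[INFO] |     +- com.yahoo.athenz:athenz-auth-core:jar:1.7.17:compile
[INFO] |     |  \- org.kohsuke:libpam4j:jar:1.6:compile
[INFO] |     |     \- net.java.dev.jna:jna:jar:3.4.0:compile
[INFO] |     \- com.yahoo.rdl:rdl-java:jar:1.4.13:compile
[INFO] |        \- com.fasterxml.jackson.core:jackson-core:jar:2.3.2:compile
"""

NODE = re.compile(r"^\[INFO\] ((?:[| ] {2})*)[+\\]- (\S+)$")


def version_key(version):
    # Numeric comparison only; qualifiers such as -SNAPSHOT are ignored.
    return tuple(int(n) for n in re.findall(r"\d+", version))


def chains_below(tree_text, artifact, floor):
    """Return the dependency chain to each copy of `artifact` older than `floor`."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line.rstrip())
        if not m:
            continue  # skip banner lines and the un-indented project root
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")  # group:artifact:type[:classifier]:version:scope
        name, version = parts[1], parts[-2]
        del stack[depth:]  # drop siblings and deeper nodes left from the previous branch
        stack.append(f"{name}:{version}")
        if name == artifact and version_key(version) < version_key(floor):
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    # "2.6.0" is a placeholder policy floor, not a statement of which version is fixed
    for chain in chains_below(TREE, "jackson-databind", "2.6.0"):
        print(" -> ".join(chain))
```

Running the same function over the tree produced after a dependency upgrade shows whether the flagged artifact is still reachable and through which parent.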