This is an automated email from the ASF dual-hosted git repository. wusheng pushed a commit to branch dep-commons-compress in repository https://gitbox.apache.org/repos/asf/skywalking.git
commit cd1b8b9404a1ed78db40d9893ee9861b5b7e05f4 Author: Wu Sheng <[email protected]> AuthorDate: Tue Aug 3 11:31:01 2021 +0800 Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 --- CHANGES.md | 5 +++++ dist-material/release-docs/LICENSE | 15 ++++++++------- oap-server-bom/pom.xml | 2 +- .../known-oap-backend-dependencies-es7.txt | 19 ++++++++++--------- tools/dependencies/known-oap-backend-dependencies.txt | 19 ++++++++++--------- 5 files changed, 34 insertions(+), 26 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f5f4bed..2dd50bd 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -8,10 +8,15 @@ Release Notes. #### Project #### Java Agent + * Support Multiple DNS period resolving mechanism #### OAP-Backend +* Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090. Upgrade org.apache.commons:commons-compress to + 1.21. +* kubernetes java client upgrade from 12.0.1 to 13.0.0 + #### UI #### Documentation diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE index e049a27..97c7696 100755 --- a/dist-material/release-docs/LICENSE +++ b/dist-material/release-docs/LICENSE @@ -270,7 +270,7 @@ The text of each license is the standard Apache 2.0 license. Apache: commons-collections 3.2.2: https://github.com/apache/commons-collections, Apache 2.0 Apache: commons-configuration 1.8: https://github.com/apache/commons-configuration, Apache 2.0 Apache: commons-io 2.4: https://github.com/apache/commons-io, Apache 2.0 - Apache: commons-compress 1.20: https://github.com/apache/commons-compress, Apache 2.0 + Apache: commons-compress 1.21: https://github.com/apache/commons-compress, Apache 2.0 Apache: commons-collections4 4.4: https://mvnrepository.com/artifact/org.apache.commons/commons-collections4, Apache 2.0 Apache: freemarker 2.3.28: https://github.com/apache/freemarker, Apache 2.0 netty 4.1.65: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 2.0 
@@ -306,7 +306,7 @@ The text of each license is the standard Apache 2.0 license.
 HikariCP 3.1.0: https://github.com/brettwooldridge/HikariCP, Apache 2.0
 zipkin 2.9.1: https://github.com/openzipkin/zipkin, Apache 2.0
 sharding-jdbc-core 2.0.3: https://github.com/sharding-sphere/sharding-sphere, Apache 2.0
- kubernetes-client 12.0.1: https://github.com/kubernetes-client/java, Apache 2.0
+ kubernetes-client 13.0.0: https://github.com/kubernetes-client/java, Apache 2.0
 proto files from istio/istio: https://github.com/istio/istio Apache 2.0
 proto files from istio/api: https://github.com/istio/api Apache 2.0
 nacos 1.4.2: https://github.com/alibaba/nacos, Apache 2.0
@@ -330,7 +330,7 @@ The text of each license is the standard Apache 2.0 license.
 logging-interceptor 3.13.1: https://github.com/square/okhttp/tree/master/okhttp-logging-interceptor, Apache 2.0
 msgpack-core 0.8.16: https://github.com/msgpack/msgpack-java, Apache 2.0
 swagger-annotations 1.6.2: https://mvnrepository.com/artifact/io.swagger.core.v3/swagger-annotations, Apache 2.0
- jose4j 0.7.6: https://mvnrepository.com/artifact/org.bitbucket.b_c/jose4j, Apache 2.0
+ jose4j 0.7.8: https://mvnrepository.com/artifact/org.bitbucket.b_c/jose4j, Apache 2.0
 converter-moshi 2.5.0: https://mvnrepository.com/artifact/com.squareup.retrofit2/converter-moshi, Apache 2.0
 vavr 0.10.3: https://github.com/vavr-io/vavr, Apache 2.0
 kafka-clients 2.4.1: https://github.com/apache/kafka, Apache 2.0
@@ -340,7 +340,7 @@ The text of each license is the standard Apache 2.0 license. mvel 2.4.8: https://github.com/mvel/mvel, Apache 2.0 okio 1.17.2: https://github.com/square/okio Apache 2.0 caffeine 2.6.2: https://github.com/ben-manes/caffeine Apache 2.0 - simpleclient_httpserver from prometheus https://github.com/prometheus/client_java Apache 2.0 + simpleclient_httpserver 0.11 from prometheus https://github.com/prometheus/client_java Apache 2.0 jetcd 0.5.3, https://github.com/etcd-io/jetcd, Apache 2.0 failasfe 2.3.4, https://github.com/jhalterman/failsafe, Apache 2.0 @@ -356,9 +356,10 @@ The text of each license is also included at licenses/LICENSE-[project].txt. GraphQL java 8.0: https://github.com/graphql-java/graphql-java , MIT GraphQL Java Tools 5.2.3: https://github.com/graphql-java/graphql-java-tools , MIT jopt-simple 5.0.2: https://github.com/jopt-simple/jopt-simple , MIT - bcpkix-jdk15on 1.68: http://www.bouncycastle.org/licence.html , MIT - bcprov-jdk15on 1.68: http://www.bouncycastle.org/licence.html , MIT - bcprov-ext-jdk15on 1.68: http://www.bouncycastle.org/licence.html , MIT + bcpkix-jdk15on 1.69: http://www.bouncycastle.org/licence.html , MIT + bcprov-jdk15on 1.69: http://www.bouncycastle.org/licence.html , MIT + bcprov-ext-jdk15on 1.69: http://www.bouncycastle.org/licence.html , MIT + bcutil-ext-jdk15on 1.69: http://www.bouncycastle.org/licence.html , MIT minimal-json 0.9.5: https://github.com/ralfstx/minimal-json, MIT checker-qual 2.8.1: https://github.com/typetools/checker-framework, MIT influxdb-java 2.15: https://github.com/influxdata/influxdb-java, MIT diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml index 2d3bd1a..5b4e179 100644 --- a/oap-server-bom/pom.xml +++ b/oap-server-bom/pom.xml 
@@ -47,7 +47,7 @@
 <netty-tcnative-boringssl-static.version>2.0.39.Final</netty-tcnative-boringssl-static.version>
 <jetty.version>9.4.40.v20210413</jetty.version>
 <commons-io.version>2.6</commons-io.version>
- <kubernetes.version>12.0.1</kubernetes.version>
+ <kubernetes.version>13.0.0</kubernetes.version>
 <hikaricp.version>3.1.0</hikaricp.version>
 <zipkin.version>2.9.1</zipkin.version>
 <jackson-core.version>2.12.2</jackson-core.version>
diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt b/tools/dependencies/known-oap-backend-dependencies-es7.txt
index 8f2c7b6..d6a3530 100755
--- a/tools/dependencies/known-oap-backend-dependencies-es7.txt
+++ b/tools/dependencies/known-oap-backend-dependencies-es7.txt
@@ -8,17 +8,18 @@ aopalliance-1.0.jar
 apollo-client-1.8.0.jar
 apollo-core-1.8.0.jar
 audience-annotations-0.5.0.jar
-bcpkix-jdk15on-1.68.jar
-bcprov-ext-jdk15on-1.68.jar
-bcprov-jdk15on-1.68.jar
+bcpkix-jdk15on-1.69.jar
+bcprov-ext-jdk15on-1.69.jar
+bcprov-jdk15on-1.69.jar
+bcutil-jdk15on-1.69.jar
 checker-qual-2.8.1.jar
-client-java-12.0.1.jar
-client-java-api-12.0.1.jar
-client-java-proto-12.0.1.jar
+client-java-13.0.0.jar
+client-java-api-13.0.0.jar
+client-java-proto-13.0.0.jar
 commons-beanutils-1.9.4.jar
 commons-codec-1.11.jar
 commons-collections4-4.4.jar
-commons-compress-1.20.jar
+commons-compress-1.21.jar
 commons-dbcp-1.4.jar
 commons-io-2.6.jar
 commons-lang3-3.12.0.jar
@@ -95,7 +96,7 @@ jetty-util-ajax-9.4.40.v20210413.jar
 jna-5.5.0.jar
 joda-time-2.10.5.jar
 jopt-simple-4.6.jar
-jose4j-0.7.6.jar
+jose4j-0.7.8.jar
 jsr305-3.0.2.jar
 kafka-clients-2.4.1.jar
 kotlin-reflect-1.1.1.jar
@@ -158,7 +159,7 @@ s2-geometry-library-java-1.0.0.jar
 simpleclient-0.6.0.jar
 simpleclient_common-0.6.0.jar
 simpleclient_hotspot-0.6.0.jar
-simpleclient_httpserver-0.10.0.jar
+simpleclient_httpserver-0.11.0.jar
 slf4j-api-1.7.30.jar
 snakeyaml-1.28.jar
 snappy-java-1.1.7.3.jar
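Review bot: In oap-server-bom/pom.xml the only property this commit changes is `kubernetes.version`, so the commons-compress 1.21 upgrade named in the commit title appears to arrive only transitively through the kubernetes client 13.0.0, as do the jose4j 0.7.8, Bouncy Castle 1.69 and simpleclient_httpserver 0.11.0 changes recorded in the known-dependencies lists. Nothing visible in this hunk keeps a later change of the client version, or an exclusion on it, from resolving an older commons-compress again. I would pin the fixed version explicitly with a property such as `<commons-compress.version>1.21</commons-compress.version>` and a matching `dependencyManagement` entry for `org.apache.commons:commons-compress`. The properties block starts and ends outside the hunk, so an existing pin elsewhere in the file cannot be ruled out from here.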
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index 9dcd63e..682bad1 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -8,17 +8,18 @@ aopalliance-1.0.jar
 apollo-client-1.8.0.jar
 apollo-core-1.8.0.jar
 audience-annotations-0.5.0.jar
-bcpkix-jdk15on-1.68.jar
-bcprov-ext-jdk15on-1.68.jar
-bcprov-jdk15on-1.68.jar
+bcpkix-jdk15on-1.69.jar
+bcprov-ext-jdk15on-1.69.jar
+bcprov-jdk15on-1.69.jar
+bcutil-jdk15on-1.69.jar
 checker-qual-2.8.1.jar
-client-java-12.0.1.jar
-client-java-api-12.0.1.jar
-client-java-proto-12.0.1.jar
+client-java-13.0.0.jar
+client-java-api-13.0.0.jar
+client-java-proto-13.0.0.jar
 commons-beanutils-1.9.4.jar
 commons-codec-1.11.jar
 commons-collections4-4.4.jar
-commons-compress-1.20.jar
+commons-compress-1.21.jar
 commons-dbcp-1.4.jar
 commons-io-2.6.jar
 commons-lang3-3.12.0.jar
@@ -93,7 +94,7 @@ jetty-util-ajax-9.4.40.v20210413.jar
 jna-4.5.1.jar
 joda-time-2.10.5.jar
 jopt-simple-4.6.jar
-jose4j-0.7.6.jar
+jose4j-0.7.8.jar
 jsr305-3.0.2.jar
 kafka-clients-2.4.1.jar
 kotlin-reflect-1.1.1.jar
@@ -154,7 +155,7 @@ retrofit-2.5.0.jar
 simpleclient-0.6.0.jar
 simpleclient_common-0.6.0.jar
 simpleclient_hotspot-0.6.0.jar
-simpleclient_httpserver-0.10.0.jar
+simpleclient_httpserver-0.11.0.jar
 slf4j-api-1.7.30.jar
 snakeyaml-1.28.jar
 snappy-java-1.1.7.3.jar
