Joe McDonnell has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/18348 )
Change subject: IMPALA-11197/IMPALA-11149: Address CVEs in pac4j/xmlsec ...................................................................... IMPALA-11197/IMPALA-11149: Address CVEs in pac4j/xmlsec This upgrades pac4j and several of its dependencies (including xmlsec) to address CVEs in those components. Specifically: - pac4j 4.5.5 addresses CVE-2021-44878 - xmlsec 2.2.3 addresses CVE-2021-40690 - bcprov 1.68 addresses CVE-2020-15522 This also upgrade springframework to 5.2.9.RELEASE to match the version for pac4j 4.5.5. Testing: - Ran core job Change-Id: I8421d867dd0fce8eeaa6bc13a511ca3e8dd05723 Reviewed-on: http://gerrit.cloudera.org:8080/18348 Reviewed-by: Csaba Ringhofer <csringho...@cloudera.com> Tested-by: Joe McDonnell <joemcdonn...@cloudera.com> --- M java/pom.xml 1 file changed, 7 insertions(+), 5 deletions(-) Approvals: Csaba Ringhofer: Looks good to me, approved Joe McDonnell: Verified -- To view, visit http://gerrit.cloudera.org:8080/18348 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I8421d867dd0fce8eeaa6bc13a511ca3e8dd05723 Gerrit-Change-Number: 18348 Gerrit-PatchSet: 2 Gerrit-Owner: Joe McDonnell <joemcdonn...@cloudera.com> Gerrit-Reviewer: Csaba Ringhofer <csringho...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com>