This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit dd6954457e27c1d9a4c827c6afea8a3e0952448e Author: Pradeep Agrawal <prad...@apache.org> AuthorDate: Mon May 8 13:30:15 2023 +0530 RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15 --- distro/src/main/assembly/admin-web.xml | 2 +- plugin-ozone/pom.xml | 9 +++++++++ pom.xml | 8 ++++---- ranger-ozone-plugin-shim/pom.xml | 9 +++++++++ 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/distro/src/main/assembly/admin-web.xml b/distro/src/main/assembly/admin-web.xml index b29b83347..245d9ca09 100644 --- a/distro/src/main/assembly/admin-web.xml +++ b/distro/src/main/assembly/admin-web.xml @@ -189,7 +189,7 @@ <include>org.apache.ratis:ratis-proto:jar:${ratis.version}</include> <include>org.apache.ratis:ratis-thirdparty-misc:jar:${ratis-thirdparty.version}</include> <include>org.apache.commons:commons-compress:jar:1.4.1</include> - <include>org.bouncycastle:bcpkix-jdk15on</include> + <include>org.bouncycastle:bcpkix-jdk15on:jar:${org.bouncycastle.bcpkix-jdk15on}</include> <include>commons-net:commons-net:jar:${commons.net.version}</include> <include>com.google.guava:guava</include> <include>io.jaegertracing:jaeger-core:jar:1.6.0</include> diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml index b832bd9a5..fa20ec382 100644 --- a/plugin-ozone/pom.xml +++ b/plugin-ozone/pom.xml @@ -88,6 +88,11 @@ limitations under the License. <artifactId>httpcore</artifactId> <version>${httpcomponents.httpcore.version}</version> </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> + <version>${org.bouncycastle.bcpkix-jdk15on}</version> + </dependency> <dependency> <groupId>org.apache.ozone</groupId> <artifactId>ozone-common</artifactId> @@ -104,6 +109,10 @@ limitations under the License. <artifactId>hdds-common</artifactId> <version>${ozone.version}</version> <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>*</artifactId> + </exclusion> <exclusion> <groupId>org.apache.logging.log4j</groupId> <artifactId>*</artifactId> diff --git a/pom.xml b/pom.xml index 32d19d42c..cd4d58fa4 100644 --- a/pom.xml +++ b/pom.xml @@ -86,7 +86,7 @@ <atlas.jackson.databind.version>2.11.3</atlas.jackson.databind.version> <atlas.jettison.version>1.3.7</atlas.jettison.version> <atlas.commons.logging.version>1.1.3</atlas.commons.logging.version> - <bouncycastle.version>1.55</bouncycastle.version> + <bouncycastle.version>1.70</bouncycastle.version> <c3p0.version>0.9.5.5</c3p0.version> <cglib.version>2.2.0-b23</cglib.version> <checkstyle.plugin.version>3.1.0</checkstyle.plugin.version> @@ -241,12 +241,12 @@ <com.microsoft.azure.adal4j.version>1.6.4</com.microsoft.azure.adal4j.version> <io.reactivex.rxjava.version>1.3.8</io.reactivex.rxjava.version> <net.minidev.asm.version>1.0.2</net.minidev.asm.version> - <org.bouncycastle.bcprov-jdk15on>1.68</org.bouncycastle.bcprov-jdk15on> - <org.bouncycastle.bcpkix-jdk15on>1.59</org.bouncycastle.bcpkix-jdk15on> + <org.bouncycastle.bcprov-jdk15on>1.70</org.bouncycastle.bcprov-jdk15on> + <org.bouncycastle.bcpkix-jdk15on>1.70</org.bouncycastle.bcpkix-jdk15on> <lucene.version>8.4.0</lucene.version> <hppc.version>0.8.0</hppc.version> <joda.time.version>2.10.6</joda.time.version> - <nimbus-jose-jwt.version>8.22.1</nimbus-jose-jwt.version> + <nimbus-jose-jwt.version>9.31</nimbus-jose-jwt.version> <aws-java-sdk.version>1.12.125</aws-java-sdk.version> <!-- GCP HSM --> diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml index 303e7de51..de08a7c7d 100644 --- a/ranger-ozone-plugin-shim/pom.xml +++ b/ranger-ozone-plugin-shim/pom.xml @@ -77,6 +77,11 @@ <artifactId>httpcore</artifactId> <version>${httpcomponents.httpcore.version}</version> </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> + <version>${org.bouncycastle.bcpkix-jdk15on}</version> + </dependency> <dependency> <groupId>org.apache.ozone</groupId> <artifactId>ozone-common</artifactId> @@ -93,6 +98,10 @@ <artifactId>hdds-common</artifactId> <version>${ozone.version}</version> <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>*</artifactId> + </exclusion> <exclusion> <groupId>org.apache.logging.log4j</groupId> <artifactId>*</artifactId>