[ranger] 01/02: RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15

Mon, 15 May 2023 01:55:35 -0700 

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit dd6954457e27c1d9a4c827c6afea8a3e0952448e
Author: Pradeep Agrawal <prad...@apache.org>
AuthorDate: Mon May 8 13:30:15 2023 +0530

    RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15
---
 distro/src/main/assembly/admin-web.xml | 2 +-
 plugin-ozone/pom.xml                   | 9 +++++++++
 pom.xml                                | 8 ++++----
 ranger-ozone-plugin-shim/pom.xml       | 9 +++++++++
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/distro/src/main/assembly/admin-web.xml 
b/distro/src/main/assembly/admin-web.xml
index b29b83347..245d9ca09 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -189,7 +189,7 @@
           <include>org.apache.ratis:ratis-proto:jar:${ratis.version}</include>
           
<include>org.apache.ratis:ratis-thirdparty-misc:jar:${ratis-thirdparty.version}</include>
           <include>org.apache.commons:commons-compress:jar:1.4.1</include>
-          <include>org.bouncycastle:bcpkix-jdk15on</include>
+          
<include>org.bouncycastle:bcpkix-jdk15on:jar:${org.bouncycastle.bcpkix-jdk15on}</include>
           <include>commons-net:commons-net:jar:${commons.net.version}</include>
           <include>com.google.guava:guava</include>
           <include>io.jaegertracing:jaeger-core:jar:1.6.0</include>
diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml
index b832bd9a5..fa20ec382 100644
--- a/plugin-ozone/pom.xml
+++ b/plugin-ozone/pom.xml
@@ -88,6 +88,11 @@ limitations under the License.
             <artifactId>httpcore</artifactId>
             <version>${httpcomponents.httpcore.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>${org.bouncycastle.bcpkix-jdk15on}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.ozone</groupId>
             <artifactId>ozone-common</artifactId>
@@ -104,6 +109,10 @@ limitations under the License.
             <artifactId>hdds-common</artifactId>
                <version>${ozone.version}</version>
             <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
                     <artifactId>*</artifactId>
diff --git a/pom.xml b/pom.xml
index 32d19d42c..cd4d58fa4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -86,7 +86,7 @@
         <atlas.jackson.databind.version>2.11.3</atlas.jackson.databind.version>
         <atlas.jettison.version>1.3.7</atlas.jettison.version>
         <atlas.commons.logging.version>1.1.3</atlas.commons.logging.version>
-        <bouncycastle.version>1.55</bouncycastle.version>
+        <bouncycastle.version>1.70</bouncycastle.version>
         <c3p0.version>0.9.5.5</c3p0.version>
         <cglib.version>2.2.0-b23</cglib.version>
         <checkstyle.plugin.version>3.1.0</checkstyle.plugin.version>
@@ -241,12 +241,12 @@
         
<com.microsoft.azure.adal4j.version>1.6.4</com.microsoft.azure.adal4j.version>
         <io.reactivex.rxjava.version>1.3.8</io.reactivex.rxjava.version>
         <net.minidev.asm.version>1.0.2</net.minidev.asm.version>
-        <org.bouncycastle.bcprov-jdk15on>1.68</org.bouncycastle.bcprov-jdk15on>
-        <org.bouncycastle.bcpkix-jdk15on>1.59</org.bouncycastle.bcpkix-jdk15on>
+        <org.bouncycastle.bcprov-jdk15on>1.70</org.bouncycastle.bcprov-jdk15on>
+        <org.bouncycastle.bcpkix-jdk15on>1.70</org.bouncycastle.bcpkix-jdk15on>
         <lucene.version>8.4.0</lucene.version>
         <hppc.version>0.8.0</hppc.version>
         <joda.time.version>2.10.6</joda.time.version>
-        <nimbus-jose-jwt.version>8.22.1</nimbus-jose-jwt.version>
+        <nimbus-jose-jwt.version>9.31</nimbus-jose-jwt.version>
         <aws-java-sdk.version>1.12.125</aws-java-sdk.version>
 
         <!-- GCP HSM -->
diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml
index 303e7de51..de08a7c7d 100644
--- a/ranger-ozone-plugin-shim/pom.xml
+++ b/ranger-ozone-plugin-shim/pom.xml
@@ -77,6 +77,11 @@
             <artifactId>httpcore</artifactId>
             <version>${httpcomponents.httpcore.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>${org.bouncycastle.bcpkix-jdk15on}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.ozone</groupId>
             <artifactId>ozone-common</artifactId>
@@ -93,6 +98,10 @@
             <artifactId>hdds-common</artifactId>
            <version>${ozone.version}</version>
             <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.logging.log4j</groupId>
                     <artifactId>*</artifactId>

Reply via email to