IMPALA-10496: Bump springframework dependency to 4.3.29
Impala depended on springframework 4.3.19 through pac4j
since IMPALA-10496.
Testing:
- used dependency-check-maven plugin to check that the CVEs
related to springframework disappear
Change-Id: I81a2b00a0dd1b1560fa97a13ccf4cf6bb69b4b51
Reviewed-on: http://gerrit.cloudera.org:8080/17112
Reviewed-by: Joe McDonnell <joemcdonnell@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
diff --git a/fe/pom.xml b/fe/pom.xml
index 75fcf19..70579e3 100644
--- a/fe/pom.xml
+++ b/fe/pom.xml
@@ -531,6 +531,10 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -543,6 +547,11 @@
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ <version>${springframework.version}</version>
+ </dependency>
</dependencies>
<reporting>
diff --git a/java/pom.xml b/java/pom.xml
index 32d4bdf..bc936fd 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -65,10 +65,11 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<iceberg.version>${env.IMPALA_ICEBERG_VERSION}</iceberg.version>
<pac4j.version>4.0.3</pac4j.version>
- <!-- xmlsec and bcprov-jdk15on are not used by Impala directly,
+ <!-- xmlsec, bcprov-jdk15on and springframework are not used by Impala directly,
but needed to replace pac4j 4.0.3's unsafe versions -->
<xmlsec.version>2.2.1</xmlsec.version>
<bcprov-jdk15on.version>1.64</bcprov-jdk15on.version>
+ <springframework.version>4.3.29.RELEASE</springframework.version>
</properties>
<repositories>