a223dde83ed94c605a20b58c0f068352862fa56b - pulsar-connectors

commit	a223dde83ed94c605a20b58c0f068352862fa56b	[log] [tgz]
author	冉小龙 <rxl@apache.org>	Tue Sep 08 09:05:23 2020 +0800
committer	GitHub <noreply@github.com>	Tue Sep 08 09:05:23 2020 +0800
tree	a37fee91f3a85e5eddcc78be9c6f95f2b25f4a67
parent	164e0ccd7c569f199bade5fe91f9791c8e832ac7 [diff]

[Security] Upgrade the snakeyaml verion to 1.26 (#7994)

Fixes #7928

### Motivation

As https://nvd.nist.gov/vuln/detail/CVE-2017-18640 said, the `snakeyaml` < 1.26

### Modifications

In `pulsar-functions` model:

- The `snakeyaml` 1.19 appears to be included from dependency on org.apache.pulsar:pulsar-functions-secrets:jar:2.6.1 based on included dependency of io.kubernetes:client-java-api:jar:2.0.0:compile Fixed in 9.0.2

- The `snakeyaml` 1.16 appears to be included from the dependency on org.apache.pulsar:pulsar-functions-instance:jar:2.6.1 based on io.prometheus.jmx:collector:jar:0.12.0 Fixed in 0.13.0

- The 1.17 org.apache.pulsar.tests:integration:test-jar:tests:2.6.1:test depends on org.elasticsearch.client:elasticsearch-rest-high-level-client:jar:6.3.2:test Fixed in elasticsearch >= 7.7.1 (7.9.1 current)

pulsar-io/elastic-search/src/main/java/org/apache/pulsar/io/elasticsearch/ElasticSearchSink.java[diff]

1 file changed

tree: a37fee91f3a85e5eddcc78be9c6f95f2b25f4a67

pulsar-io/