update kubernetes java client to 19.0.0 and docker-java to 3.3.4 (#15449)
Update of direct dependencies: * kubernetes java-client to 19.0.0 * docker-java-bom to 3.3.4 In order to update transitive dependencies: * okio to 3.6.0 * bcjava to 1.76 To address CVEs: - CVE-2023-3635 in okio - CVE-2023-33201 in bcjava --------- Co-authored-by: Xavier Léauté <xvrl@apache.org>
This commit is contained in:
parent
debb6b401c
commit
3c7dec56ca
|
@ -35,9 +35,22 @@
|
|||
</parent>
|
||||
|
||||
<properties>
|
||||
<kubernetes.client.version>11.0.4</kubernetes.client.version>
|
||||
<kubernetes.client.version>19.0.0</kubernetes.client.version>
|
||||
</properties>
|
||||
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<!-- This is an indirect dependency of io.kubernetes.client-java
|
||||
update to address vulnerability in transitive dependency okio used by okhttp -->
|
||||
<dependency>
|
||||
<groupId>com.squareup.okhttp3</groupId>
|
||||
<artifactId>okhttp</artifactId>
|
||||
<version>4.12.0</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.apache.druid</groupId>
|
||||
|
@ -80,18 +93,6 @@
|
|||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<!-- Version override to address CVE-2020-28052 -->
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-ext-jdk15on</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
|
||||
<!-- others -->
|
||||
<dependency>
|
||||
<groupId>com.google.code.findbugs</groupId>
|
||||
|
@ -137,6 +138,18 @@
|
|||
</dependencies>
|
||||
|
||||
<build>
|
||||
<pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-dependency-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- analyze incorrectly flags this dependency as missing when omitted, and unused when declared -->
|
||||
<ignoredDependencies>io.kubernetes:client-java-api-fluent:jar:19.0.0</ignoredDependencies>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.jacoco</groupId>
|
||||
|
|
|
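Review bot: The `ignoredDependencies` value added in the third hunk, `io.kubernetes:client-java-api-fluent:jar:19.0.0`, hard-codes the version that the first hunk already defines as `<kubernetes.client.version>19.0.0</kubernetes.client.version>`, so the next client bump will silently stop matching and dependency:analyze will flag the artifact again. Reference the property instead: `<ignoredDependencies>io.kubernetes:client-java-api-fluent:jar:${kubernetes.client.version}</ignoredDependencies>`. The okhttp 4.12.0 override in the first hunk is justified by the okio vulnerability but never says which okio version it is expected to resolve, so the intent cannot be checked against the dependency tree; a comment such as `<!-- okhttp 4.12.0 is expected to resolve okio 3.6.0 (CVE-2023-3635); re-check dependency:tree on the next bump -->` would make that explicit. The file header for this section is not in view, so I am assuming from its contents that this is the kubernetes extension's pom.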
@ -65,7 +65,7 @@ public class DefaultK8sApiClient implements K8sApiClient
|
|||
public void patchPod(String podName, String podNamespace, String jsonPatchStr)
|
||||
{
|
||||
try {
|
||||
coreV1Api.patchNamespacedPod(podName, podNamespace, new V1Patch(jsonPatchStr), "true", null, null, null);
|
||||
coreV1Api.patchNamespacedPod(podName, podNamespace, new V1Patch(jsonPatchStr), "true", null, null, null, null);
|
||||
}
|
||||
catch (ApiException ex) {
|
||||
throw new RE(ex, "Failed to patch pod[%s/%s], code[%d], error[%s].", podNamespace, podName, ex.getCode(), ex.getResponseBody());
|
||||
|
@ -80,7 +80,7 @@ public class DefaultK8sApiClient implements K8sApiClient
|
|||
)
|
||||
{
|
||||
try {
|
||||
V1PodList podList = coreV1Api.listNamespacedPod(podNamespace, null, null, null, null, labelSelector, 0, null, null, null, null);
|
||||
V1PodList podList = coreV1Api.listNamespacedPod(podNamespace, null, null, null, null, labelSelector, 0, null, null, null, null, null);
|
||||
Preconditions.checkState(podList != null, "WTH: NULL podList");
|
||||
|
||||
Map<String, DiscoveryDruidNode> allNodes = new HashMap();
|
||||
|
@ -114,7 +114,7 @@ public class DefaultK8sApiClient implements K8sApiClient
|
|||
Watch.createWatch(
|
||||
realK8sClient,
|
||||
coreV1Api.listNamespacedPodCall(namespace, null, true, null, null,
|
||||
labelSelector, null, lastKnownResourceVersion, null, 0, true, null
|
||||
labelSelector, null, lastKnownResourceVersion, null, null, 0, true, null
|
||||
),
|
||||
new TypeReference<Watch.Response<V1Pod>>()
|
||||
{
|
||||
|
|
|
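Review bot: In all three hunks the API bump is absorbed by inserting one more positional `null` into an already all-null tail (`"true", null, null, null, null` in patchPod, the trailing `null, null, null, null, null` in the list call), so a reader cannot tell from the call site which parameter the new argument fills or whether it landed in the right slot; only the watch call, where `0, true` follows the new `null`, makes the position observable. Inline parameter-name comments on each positional argument, e.g. `coreV1Api.patchNamespacedPod(podName, podNamespace, new V1Patch(jsonPatchStr), /* pretty */ "true", /* dryRun */ null, ...)`, would make this and the next signature change reviewable without opening the generated client. The bodies of patchPod and the list/watch methods start or continue outside these hunks.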
@ -36,6 +36,7 @@
|
|||
|
||||
<properties>
|
||||
<commons-io.version>2.11.0</commons-io.version>
|
||||
<okio.version>3.6.0</okio.version>
|
||||
</properties>
|
||||
|
||||
<repositories>
|
||||
|
@ -45,6 +46,19 @@
|
|||
</repository>
|
||||
</repositories>
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<!-- This is an indirect dependency of kafka-protobuf-provider
|
||||
update to address vulnerability in transitive dependency okio -->
|
||||
<dependency>
|
||||
<groupId>com.squareup.okio</groupId>
|
||||
<artifactId>okio</artifactId>
|
||||
<version>${okio.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.apache.druid</groupId>
|
||||
|
|
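Review bot: The second hunk pins `com.squareup.okio:okio` to 3.6.0 for this module only, while the kubernetes extension pom in the same commit reaches the same okio version indirectly through an okhttp 4.12.0 override, so two modules now converge on one fixed version by different mechanisms and a third module pulling okio transitively gets neither. Managing `com.squareup.okio:okio` once in the root pom's dependencyManagement would apply the CVE-2023-3635 fix uniformly and remove the per-module `okio.version` property added in the first hunk; the dependency-check suppression touched in this commit notes that other contrib extensions still resolve older okio. licenses.yaml in this commit records okio 3.6.0 only under `extensions/druid-kubernetes-extensions`, so presumably this module needs a matching entry, or confirm the license check does not key on module. The file header for this section is not in view; the comment suggests this is the module that depends on kafka-protobuf-provider.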
229
licenses.yaml
229
licenses.yaml
|
@ -843,36 +843,6 @@ libraries:
|
|||
|
||||
---
|
||||
|
||||
name: kubernetes official java client
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 11.0.4
|
||||
libraries:
|
||||
- io.kubernetes: client-java
|
||||
|
||||
---
|
||||
|
||||
name: kubernetes official java client api
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 11.0.4
|
||||
libraries:
|
||||
- io.kubernetes: client-java-api
|
||||
|
||||
---
|
||||
|
||||
name: kubernetes official java client extended
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 11.0.4
|
||||
libraries:
|
||||
- io.kubernetes: client-java-extended
|
||||
|
||||
---
|
||||
|
||||
name: kubernetes fabric java client
|
||||
license_category: binary
|
||||
module: extensions-contrib/kubernetes-overlord-extensions
|
||||
|
@ -883,13 +853,28 @@ libraries:
|
|||
|
||||
---
|
||||
|
||||
name: io.prometheus simpleclient_common
|
||||
name: kubernetes official java client
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 0.9.0
|
||||
version: 19.0.0
|
||||
libraries:
|
||||
- io.prometheus: simpleclient_common
|
||||
- io.kubernetes: client-java
|
||||
- io.kubernetes: client-java-api
|
||||
- io.kubernetes: client-java-extended
|
||||
- io.kubernetes: client-java-api-fluent
|
||||
- io.kubernetes: client-java-proto
|
||||
|
||||
---
|
||||
|
||||
name: Swagger
|
||||
version: 1.6.2
|
||||
license_category: binary
|
||||
module: extensions/druid-avro-extensions
|
||||
license_name: Apache License version 2.0
|
||||
libraries:
|
||||
- io.swagger: swagger-core
|
||||
- io.swagger: swagger-models
|
||||
|
||||
---
|
||||
|
||||
|
@ -903,6 +888,16 @@ libraries:
|
|||
|
||||
---
|
||||
|
||||
name: io.sundr builder-annotations
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 0.22.0
|
||||
libraries:
|
||||
- io.sundr: builder-annotations
|
||||
|
||||
---
|
||||
|
||||
name: com.squareup.okio okio
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
|
@ -923,6 +918,16 @@ libraries:
|
|||
|
||||
---
|
||||
|
||||
name: io.swagger swagger-annotations
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 1.6.11
|
||||
libraries:
|
||||
- io.swagger: swagger-annotations
|
||||
|
||||
---
|
||||
|
||||
name: io.swagger swagger-annotations
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
|
@ -943,15 +948,6 @@ libraries:
|
|||
|
||||
---
|
||||
|
||||
name: io.prometheus simpleclient_httpserver
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 0.9.0
|
||||
libraries:
|
||||
- io.prometheus: simpleclient_httpserver
|
||||
|
||||
---
|
||||
|
||||
name: org.bitbucket.b_c jose4j
|
||||
license_category: binary
|
||||
|
@ -971,15 +967,38 @@ version: 2.2.1
|
|||
libraries:
|
||||
- org.joda: joda-convert
|
||||
|
||||
|
||||
---
|
||||
|
||||
name: com.squareup.okhttp3 okhttp
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 3.14.9
|
||||
version: 4.12.0
|
||||
libraries:
|
||||
- com.squareup.okhttp3: okhttp
|
||||
- com.squareup.okhttp3: logging-interceptor
|
||||
|
||||
---
|
||||
|
||||
name: com.squareup.okhttp3 okhttp logging-interceptor
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 4.11.0
|
||||
libraries:
|
||||
- com.squareup.okhttp3: logging-interceptor
|
||||
|
||||
---
|
||||
|
||||
name: com.squareup.okio okio
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 3.6.0
|
||||
libraries:
|
||||
- com.squareup.okio: okio
|
||||
- com.squareup.okio: okio-jvm
|
||||
|
||||
---
|
||||
|
||||
|
@ -987,19 +1006,15 @@ name: io.prometheus simpleclient
|
|||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 0.9.0
|
||||
version: 0.16.0
|
||||
libraries:
|
||||
- io.prometheus: simpleclient
|
||||
- io.prometheus: simpleclient_common
|
||||
- io.prometheus: simpleclient_httpserver
|
||||
- io.prometheus: simpleclient_tracer_common
|
||||
- io.prometheus: simpleclient_tracer_otel
|
||||
- io.prometheus: simpleclient_tracer_otel_agent
|
||||
|
||||
---
|
||||
|
||||
name: io.kubernetes client-java-proto
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 11.0.4
|
||||
libraries:
|
||||
- io.kubernetes: client-java-proto
|
||||
|
||||
---
|
||||
|
||||
|
@ -1017,73 +1032,79 @@ name: com.flipkart.zjsonpatch zjsonpatch
|
|||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 0.4.11
|
||||
version: 0.4.14
|
||||
libraries:
|
||||
- com.flipkart.zjsonpatch: zjsonpatch
|
||||
|
||||
---
|
||||
|
||||
|
||||
name: org.bouncycastle bcprov-jdk15on
|
||||
name: org.bouncycastle bcprov-jdk18on
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: MIT License
|
||||
version: "1.70"
|
||||
version: "1.76"
|
||||
libraries:
|
||||
- org.bouncycastle: bcprov-jdk15on
|
||||
|
||||
- org.bouncycastle: bcprov-jdk18on
|
||||
- org.bouncycastle: bcprov-ext-jdk18on
|
||||
- org.bouncycastle: bcpkix-jdk18on
|
||||
- org.bouncycastle: bcutil-jdk18on
|
||||
---
|
||||
|
||||
name: org.bouncycastle bcprov-ext-jdk15on
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: MIT License
|
||||
version: "1.70"
|
||||
libraries:
|
||||
- org.bouncycastle: bcprov-ext-jdk15on
|
||||
|
||||
---
|
||||
|
||||
name: org.bouncycastle bcpkix-jdk15on
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: MIT License
|
||||
version: "1.70"
|
||||
libraries:
|
||||
- org.bouncycastle: bcpkix-jdk15on
|
||||
|
||||
---
|
||||
|
||||
name: org.bouncycastle bcutil-jdk15on
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: MIT License
|
||||
version: "1.70"
|
||||
libraries:
|
||||
- org.bouncycastle: bcutil-jdk15on
|
||||
|
||||
---
|
||||
|
||||
name: com.squareup.okhttp3 logging-interceptor
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 3.14.9
|
||||
libraries:
|
||||
- com.squareup.okhttp3: logging-interceptor
|
||||
|
||||
---
|
||||
|
||||
name: com.github.vladimir-bukhtoyarov bucket4j-core
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 4.10.0
|
||||
version: 7.6.0
|
||||
libraries:
|
||||
- com.github.vladimir-bukhtoyarov: bucket4j-core
|
||||
|
||||
---
|
||||
|
||||
name: Jetbrains Annotations
|
||||
license_category: binary
|
||||
module: extensions/druid-kubernetes-extensions
|
||||
module: extensions/kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 13.0
|
||||
libraries:
|
||||
- org.jetbrains: annotations
|
||||
|
||||
|
||||
---
|
||||
|
||||
name: Jetbrains kotlin-stdlib
|
||||
license_category: binary
|
||||
module: extensions/kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 1.6.10
|
||||
libraries:
|
||||
- org.jetbrains.kotlin: kotlin-stdlib
|
||||
|
||||
---
|
||||
|
||||
name: Jetbrains kotlin-stdlib common
|
||||
license_category: binary
|
||||
module: extensions/kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 1.9.10
|
||||
libraries:
|
||||
- org.jetbrains.kotlin: kotlin-stdlib-common
|
||||
|
||||
---
|
||||
name: Jetbrains jdk7 jdk 8
|
||||
license_category: binary
|
||||
module: extensions/kubernetes-extensions
|
||||
license_name: Apache License version 2.0
|
||||
version: 1.8.21
|
||||
libraries:
|
||||
- org.jetbrains.kotlin: kotlin-stdlib
|
||||
- org.jetbrains.kotlin: kotlin-stdlib-common
|
||||
- org.jetbrains.kotlin: kotlin-stdlib-jdk7
|
||||
- org.jetbrains.kotlin: kotlin-stdlib-jdk8
|
||||
|
||||
---
|
||||
|
||||
name: Netty
|
||||
license_category: binary
|
||||
module: java-core
|
||||
|
@ -4097,6 +4118,16 @@ libraries:
|
|||
|
||||
---
|
||||
|
||||
name: org.elasticsearch securesm
|
||||
license_category: binary
|
||||
version: 2.1.9
|
||||
module: druid-ranger-security
|
||||
license_name: Creative Commons CC0
|
||||
libraries:
|
||||
- org.hdrhistogram: HdrHistogram
|
||||
|
||||
---
|
||||
|
||||
name: Apache Lucene
|
||||
license_category: binary
|
||||
version: 8.4.0
|
||||
|
|
|
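Review bot: The entry added in the last hunk (`@ -4097,6 +4118,16`) pairs `name: org.elasticsearch securesm` with `libraries: - org.hdrhistogram: HdrHistogram` under `license_name: Creative Commons CC0` and `module: druid-ranger-security`; the name and the library do not describe the same artifact, so either the name line or the libraries line looks wrong and the license recorded may belong to neither. In the `@ -1017,73 +1032,79` hunk the Jetbrains Annotations entry changes `module: extensions/druid-kubernetes-extensions` to `module: extensions/kubernetes-extensions`, and the three new kotlin-stdlib entries use the same shortened form, while every other kubernetes entry in the file (bouncycastle, okhttp, okio, bucket4j, the client itself) keeps `extensions/druid-kubernetes-extensions`; if the module name is what the license check matches on, these four entries will presumably not be attributed to the extension. The same hunk also leaves two overlapping kotlin entries: `Jetbrains kotlin-stdlib` at 1.6.10 and `Jetbrains jdk7 jdk 8` at 1.8.21 both list `org.jetbrains.kotlin: kotlin-stdlib`, and `kotlin-stdlib-common` appears at both 1.9.10 and 1.8.21, so the recorded versions cannot all be what resolves.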
@ -440,9 +440,10 @@
|
|||
<cve>CVE-2021-4277</cve>
|
||||
</suppress>
|
||||
|
||||
<!-- the remaining uses of vulnerable okio are in contrib-extensions -->
|
||||
<suppress>
|
||||
<notes><![CDATA[
|
||||
file name: okio-1.17.2.jar, okio-1.15.0.jar okio 2.8.0
|
||||
file name: okio-1.17.2.jar, okio-1.15.0.jar
|
||||
]]></notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@..*$</packageUrl>
|
||||
<cve>CVE-2023-3635</cve> <!-- Suppressed since okio requests in Druid are internal, and not user-facing -->
|
||||
|
@ -460,18 +461,6 @@
|
|||
<cve>CVE-2023-5072</cve>
|
||||
</suppress>
|
||||
|
||||
<!--
|
||||
~ CVE-2023-44981 seems to affect Zookeeper servers. While we ship with a previous version of the Zookeeper, Druid only
|
||||
~ only uses the client classes of the Zookeeper. We do use the older version in the quickstart & example docker file,
|
||||
~ however in production it is recomended to use your own Zookeeper server with the CVE patched up, which the Druid's
|
||||
~ older ZK library is still compatible with.
|
||||
-->
|
||||
<suppress>
|
||||
<notes><![CDATA[
|
||||
file name: zookeeper-3.8.3.jar
|
||||
]]></notes>
|
||||
<cve>CVE-2023-44981</cve>
|
||||
</suppress>
|
||||
|
||||
<!--
|
||||
~ Hostname verification is disabled by default in Netty 4.x, therefore the version that Druid is using gets flagged,
|
||||
|
|
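Review bot: The first hunk narrows the note to `okio-1.17.2.jar, okio-1.15.0.jar` but leaves `<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@..*$</packageUrl>` unchanged, so CVE-2023-3635 stays suppressed for every okio version, including the 3.6.0 this commit introduces and any future vulnerable release; the note no longer matches what the rule actually silences. Bind the suppression to the versions the note names, `<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@1\.(15\.0|17\.2)$</packageUrl>`, so a regression back to a vulnerable okio is caught rather than hidden. The `<suppress>` element opened in this hunk closes outside it.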
23
pom.xml
23
pom.xml
|
@ -369,26 +369,7 @@
|
|||
<artifactId>snakeyaml</artifactId>
|
||||
<version>1.33</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
<version>1.70</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-ext-jdk15on</artifactId>
|
||||
<version>1.70</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcpkix-jdk15on</artifactId>
|
||||
<version>1.70</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcutil-jdk15on</artifactId>
|
||||
<version>1.70</version>
|
||||
</dependency>
|
||||
|
||||
<!-- transitive dependency of testng
|
||||
this would be resolved by updating
|
||||
testng to 7.8.0 -->
|
||||
|
@ -1113,7 +1094,7 @@
|
|||
<dependency>
|
||||
<groupId>com.github.docker-java</groupId>
|
||||
<artifactId>docker-java-bom</artifactId>
|
||||
<version>3.2.13</version>
|
||||
<version>3.3.4</version>
|
||||
<scope>import</scope>
|
||||
<type>pom</type>
|
||||
</dependency>
|
||||
|
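Review bot: The first hunk removes the four managed `org.bouncycastle:*-jdk15on` 1.70 entries without adding managed replacements, so the 1.76 `bcprov-jdk18on` family that licenses.yaml now records for the kubernetes extension is whatever the kubernetes client 19.0.0 happens to bring transitively, not a version this build asserts; the next client bump could move bouncycastle up or down without any pom change, and the commit message's "bcjava to 1.76" would no longer hold. If 1.76 is the intended floor for CVE-2023-33201, keep it explicit here, e.g. `<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk18on</artifactId><version>1.76</version></dependency>` (and the sibling artifacts), in the same dependencyManagement block. The kubernetes extension pom's `@ -80,18 +93,6` hunk drops its runtime overrides for the same reason and inherits the same gap.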