Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Address CVE-2021-35515 CVE-2021-36090 (#11496) 

* Address CVE-2021-35515 CVE-2021-36090

Bump commons-compress to deal with new CVEs

* fix licenses
This commit is contained in:
Suneet Saldanha 2021-07-26 14:54:32 -07:00 committed by GitHub
parent 973e5bf7d0
commit 3f456fe305
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
licenses.yaml
View File

@ -621,7 +621,7 @@ name: Apache Commons Compress
license_category: binary license_category: binary
module: java-core module: java-core
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 1.18 version: 1.21
libraries: libraries:
- org.apache.commons: commons-compress - org.apache.commons: commons-compress
notices: notices:
@ -3002,20 +3002,6 @@ notices:
--- ---
name: Apache Commons Compress
license_category: binary
module: hadoop-client
license_name: Apache License version 2.0
version: 1.19
libraries:
- org.apache.commons: commons-compress
notices:
- commons-compress: |
Apache Commons Compress
Copyright 2002-2012 The Apache Software Foundation
---
name: Apache Commons Math name: Apache Commons Math
license_category: binary license_category: binary
module: hadoop-client module: hadoop-client

2
pom.xml
View File

@ -436,7 +436,7 @@
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId> <artifactId>commons-compress</artifactId>
<version>1.19</version> <version>1.21</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.tukaani</groupId> <groupId>org.tukaani</groupId>