druid/distribution/bin
Chi Cao Minh 8365bdf62a Address security vulnerabilities (#8878)
* Address security vulnerabilities

Security vulnerabilities addressed by upgrading 3rd party libs:

- Upgrade avro-ipc to 1.9.1
  - sonatype-2019-0115
- Upgrade caffeine to 2.8.0
  - sonatype-2019-0282
- Upgrade commons-beanutils to 1.9.4
  - CVE-2014-0114
- Upgrade commons-codec to 1.13
  - sonatype-2012-0050
- Upgrade commons-compress to 1.19
  - CVE-2019-12402
  - sonatype-2018-0293
- Upgrade hadoop-common to 2.8.5
  - CVE-2018-11767
- Upgrade hadoop-mapreduce-client-core to 2.8.5
  - CVE-2017-3166
- Upgrade hibernate-validator to 5.2.5
  - CVE-2017-7536
- Upgrade httpclient to 4.5.10
  - sonatype-2017-0359
- Upgrade icu4j to 55.1
  - CVE-2014-8147
- Upgrade jackson-databind to 2.6.7.3:
  - CVE-2017-7525
- Upgrade jetty-http to 9.4.12:
  - CVE-2017-7657
  - CVE-2017-7658
  - CVE-2017-7656
  - CVE-2018-12545
- Upgrade log4j-core to 2.8.2
  - CVE-2017-5645:
- Upgrade netty to 3.10.6
  - CVE-2015-2156
- Upgrade netty-common to 4.1.42
  - CVE-2019-9518
- Upgrade netty-codec-http to 4.1.42
  - CVE-2019-16869
- Upgrade nimbus-jose-jwt to 4.41.1
  - CVE-2017-12972
  - CVE-2017-12974
- Upgrade plexus-utils to 3.0.24
  - CVE-2017-1000487
  - sonatype-2015-0173
  - sonatype-2016-0398
- Upgrade postgresql to 42.2.8
  - CVE-2018-10936

Note that if users are using JDBC lookups with postgres, they may need
to update the JDBC jar used by the lookup extension.

* Fix license for postgresql
2019-11-19 09:14:33 -08:00
..
build-textfile-readme.sh autogenerate NOTICE.BINARY from NOTICE and licenses.yaml (#8306) 2019-08-21 12:46:27 -07:00
check-licenses.py Address security vulnerabilities (#8878) 2019-11-19 09:14:33 -08:00
find-missing-backports.py Fix alerts from LGTM about python files (#8383) 2019-09-06 14:41:15 -07:00
generate-binary-license.py packaging script adjustments (#8436) 2019-08-29 23:27:43 -07:00
generate-binary-notice.py packaging script adjustments (#8436) 2019-08-29 23:27:43 -07:00
generate-license-dependency-reports.py Fix alerts from LGTM about python files (#8383) 2019-09-06 14:41:15 -07:00
get-milestone-contributors.py autogenerate NOTICE.BINARY from NOTICE and licenses.yaml (#8306) 2019-08-21 12:46:27 -07:00
get-milestone-prs.py autogenerate NOTICE.BINARY from NOTICE and licenses.yaml (#8306) 2019-08-21 12:46:27 -07:00
jar-notice-lister.py Fix alerts from LGTM about python files (#8383) 2019-09-06 14:41:15 -07:00
tag-missing-milestones.py packaging script adjustments (#8436) 2019-08-29 23:27:43 -07:00
web-console-dep-lister.py autogenerate NOTICE.BINARY from NOTICE and licenses.yaml (#8306) 2019-08-21 12:46:27 -07:00