From 167c3050df57a0e2558119e83fe3223fb66e9bf1 Mon Sep 17 00:00:00 2001 From: Bruno Roustant Date: Thu, 1 Oct 2020 10:07:42 +0200 Subject: [PATCH] SOLR-14905: Upgrade commons-io version to 2.8.0. Closes #1934 --- solr/CHANGES.txt | 2 ++ solr/core/src/test/org/apache/hadoop/fs/FileUtil.java | 7 +------ solr/licenses/commons-io-2.6.jar.sha1 | 1 - solr/licenses/commons-io-2.8.0.jar.sha1 | 1 + versions.lock | 2 +- versions.props | 2 +- 6 files changed, 6 insertions(+), 9 deletions(-) delete mode 100644 solr/licenses/commons-io-2.6.jar.sha1 create mode 100644 solr/licenses/commons-io-2.8.0.jar.sha1 diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 5242359f0dd..24952d89a7b 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -187,6 +187,8 @@ Improvements * SOLR-14859: DateRangeField now throws errors when invalid field/fieldType options specified; no longer silently accepts incompatible option values (Jason Gerlowski, Chris Hostetter, Munendra S N) +* SOLR-14905: Update commons-io version to 2.8.0 due to security vulnerability. (Nazerke Seidan via Bruno Roustant) + Optimizations --------------------- diff --git a/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java b/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java index e38b5639c95..4b343568a22 100644 --- a/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java +++ b/solr/core/src/test/org/apache/hadoop/fs/FileUtil.java @@ -597,12 +597,7 @@ public class FileUtil { File[] allFiles = dir.listFiles(); if(allFiles != null) { for (int i = 0; i < allFiles.length; i++) { - boolean isSymLink; - try { - isSymLink = org.apache.commons.io.FileUtils.isSymlink(allFiles[i]); - } catch(IOException ioe) { - isSymLink = true; - } + boolean isSymLink = org.apache.commons.io.FileUtils.isSymlink(allFiles[i]); if(!isSymLink) { size += getDU(allFiles[i]); } diff --git a/solr/licenses/commons-io-2.6.jar.sha1 b/solr/licenses/commons-io-2.6.jar.sha1 deleted file mode 100644 index 9fa55f50835..00000000000 
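Review bot: Removing the try/catch around `org.apache.commons.io.FileUtils.isSymlink(allFiles[i])` in the `for` loop also removes the fallback `isSymLink = true`, which made a failed check skip the entry instead of recursing into it with `getDU`. If the 2.8.0 method delegates to `java.nio.file.Files.isSymbolicLink`, which is documented to return false when link status cannot be determined, such an entry is now sized as a regular file or directory, so the failure mode flips from skip to follow. That may well be intended, but nothing on the new line says so; a comment such as `// commons-io 2.8.0: isSymlink no longer declares IOException; an entry whose link status is unknown is treated as a non-link (confirm)` would record it. The enclosing method starts and ends outside the hunk, and the path is under `src/test`, so only the test copy of FileUtil is affected.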
--- a/solr/licenses/commons-io-2.6.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-815893df5f31da2ece4040fe0a12fd44b577afaf
diff --git a/solr/licenses/commons-io-2.8.0.jar.sha1 b/solr/licenses/commons-io-2.8.0.jar.sha1
new file mode 100644
index 00000000000..3a5fc716ed9
--- /dev/null
+++ b/solr/licenses/commons-io-2.8.0.jar.sha1
@@ -0,0 +1 @@
+92999e26e6534606b5678014e66948286298a35c
diff --git a/versions.lock b/versions.lock
index 5c40e1724a5..bb9e06acc49 100644
--- a/versions.lock
+++ b/versions.lock
@@ -34,7 +34,7 @@ com.tdunning:t-digest:3.1 (1 constraints: a804212c)
 commons-cli:commons-cli:1.4 (1 constraints: a9041e2c)
 commons-codec:commons-codec:1.13 (1 constraints: d904f430)
 commons-collections:commons-collections:3.2.2 (1 constraints: 09050236)
-commons-io:commons-io:2.6 (1 constraints: ac04232c)
+commons-io:commons-io:2.8.0 (1 constraints: 0c050d36)
 commons-lang:commons-lang:2.6 (1 constraints: 2a0d520d)
 commons-logging:commons-logging:1.1.3 (2 constraints: c8149e7f)
 de.l3s.boilerpipe:boilerpipe:1.1.0 (1 constraints: 0405f335)
diff --git a/versions.props b/versions.props
index c86546e9d5e..ddaf47679ef 100644
--- a/versions.props
+++ b/versions.props
@@ -27,7 +27,7 @@ com.vaadin.external.google:android-json=0.0.20131108.vaadin1
 commons-cli:commons-cli=1.4
 commons-codec:commons-codec=1.13
 commons-collections:commons-collections=3.2.2
-commons-io:commons-io=2.6
+commons-io:commons-io=2.8.0
 commons-logging:commons-logging=1.1.3
 de.l3s.boilerpipe:boilerpipe=1.1.0
 io.dropwizard.metrics:*=4.1.5