From 2eb402b9133e7b23e4b7da82652ce970a647d8ff Mon Sep 17 00:00:00 2001
From: "ahmad.nouri" <ahmad.nouri-ext.ibm.com>
Date: Fri, 6 Oct 2023 05:25:53 -0700
Subject: [PATCH] v3.9.6 Vulnerability issues for 3rd party libraries  fixed

---
 com.ibm.streamsx.hbase/CHANGELOG.md |  4 ++++
 com.ibm.streamsx.hbase/info.xml     |  7 ++++++-
 com.ibm.streamsx.hbase/pom.xml      | 29 ++++++++++++++++++++---------
 3 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/com.ibm.streamsx.hbase/CHANGELOG.md b/com.ibm.streamsx.hbase/CHANGELOG.md
index 7054d3d..3fea1ba 100644
--- a/com.ibm.streamsx.hbase/CHANGELOG.md
+++ b/com.ibm.streamsx.hbase/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changes
 =========
+## v3.9.6
+* fix Vulnerabilities CVE-2022-42889,  CVE-2022-25168 and CVE-2021-33036
+  hadoop jar libraries upgraded to version 3.3.6 
+  commons.cli vesion 1.5.1 and commons-codec version 1.16.1
 
 ## v3.9.5:
 * [#145](https://github.com/IBMStreams/streamsx.hbase/issues/149) 3rd party library slf4j-api upgraded to version 1.7.36
diff --git a/com.ibm.streamsx.hbase/info.xml b/com.ibm.streamsx.hbase/info.xml
index fe56a67..c3312b4 100644
--- a/com.ibm.streamsx.hbase/info.xml
+++ b/com.ibm.streamsx.hbase/info.xml
@@ -241,10 +241,15 @@ The jar library zookeeper-3.4.13.jar has been replaced with **zookeeper-3.4.6.ja
 
 * 3rd party library slf4j-api upgraded to version 1.7.36
 	    
+++ What is new in version 3.9.6
 
+* The Vulnerability issues for 3rd party libraries have been fixed
+* hadoop libraries upgraded to version 3.3.6 
+* commons-cli upgraded to 1.5.0
+* commons-codecs upgraded to 1.16.1
 	    
 </info:description>
-    <info:version>3.9.5</info:version>
+    <info:version>3.9.6</info:version>
     <info:requiredProductVersion>4.0.0.0</info:requiredProductVersion>
   </info:identity>
   <info:dependencies/>
diff --git a/com.ibm.streamsx.hbase/pom.xml b/com.ibm.streamsx.hbase/pom.xml
index 1b20229..c0844b7 100644
--- a/com.ibm.streamsx.hbase/pom.xml
+++ b/com.ibm.streamsx.hbase/pom.xml
@@ -11,7 +11,7 @@
 	<groupId>com.ibm.streamsx.hbase</groupId>
 	<artifactId>streamsx.hbase</artifactId>
 	<packaging>jar</packaging>
-	<version>3.9.5</version> 
+	<version>3.9.6</version> 
 	<name>com.ibm.streamsx.hbase</name>
 	<repositories>
 		<repository>
@@ -25,7 +25,7 @@
 		<dependency>
 			<groupId>commons-cli</groupId>
 			<artifactId>commons-cli</artifactId>
-			<version>1.4</version>
+			<version>1.5.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -37,7 +37,7 @@
 		<dependency>
 			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
-			<version>1.15</version>
+			<version>1.16.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -61,7 +61,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-configuration2</artifactId>
-			<version>2.7</version>
+			<version>2.9.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -73,7 +73,7 @@
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.7</version>
+			<version>2.13.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -96,7 +96,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
-			<version>3.11</version>
+			<version>3.13.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -237,7 +237,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-annotations</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -249,7 +249,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-auth</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -261,7 +261,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-common</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -270,6 +270,17 @@
 			</exclusions>
 		</dependency>
 
+                <dependency>
+                        <groupId>org.apache.hadoop.thirdparty</groupId>
+                        <artifactId>hadoop-shaded-guava</artifactId>
+                        <version>1.1.1</version>
+                        <exclusions>
+                                <exclusion>
+                                        <groupId>*</groupId>
+                                        <artifactId>*</artifactId>
+                                </exclusion>
+                        </exclusions>
+                </dependency>
 
 
 		<dependency>