HDFS toolkit v5.3.3 Vulnerabilities fixed

IBMStreams · Sep 18, 2023 · ad6fc5a · ad6fc5a
1 parent 1c94674
commit ad6fc5a
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 42 deletions.
diff --git a/com.ibm.streamsx.hdfs/CHANGELOG.md b/com.ibm.streamsx.hdfs/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Changes
 =======
 
+## v5.3.3:
+* [#133}fix Vulnerabilities in 3rd party jar libraries)
+
+## v5.3.2:
+* [#133](https://github.com/IBMStreams/streamsx.hdfs/issues/140) slf4j jars updated (fix the log4j issue)
+
 ## v5.3.2:
 * [#133](https://github.com/IBMStreams/streamsx.hdfs/issues/140) slf4j jars updated (fix the log4j issue)
 

diff --git a/com.ibm.streamsx.hdfs/info.xml b/com.ibm.streamsx.hdfs/info.xml
@@ -207,9 +207,13 @@ The 'tempFile' parameter specifies the name of the file that the operator writes
 
 * pom.xml updated to use  slf4j libraries version 1.7.36
 
+++ What is new in version 5.3.3
+
+* pom.xml updated to use the latest apache libraries
+
 
 </description>
-    <version>5.3.2</version>
+    <version>5.3.3</version>
     <requiredProductVersion>4.2.0.0</requiredProductVersion>
   </identity>
   <dependencies/>

diff --git a/com.ibm.streamsx.hdfs/pom.xml b/com.ibm.streamsx.hdfs/pom.xml
@@ -8,7 +8,7 @@
 	<groupId>com.ibm.streamsx.hdfs</groupId>
 	<artifactId>streamsx.hdfs</artifactId>
 	<packaging>jar</packaging>
-	<version>5.3.2</version>
+	<version>5.3.3</version>
 	<name>com.ibm.streamsx.hdfs</name>
 	<repositories>
 		<repository>
@@ -23,7 +23,7 @@
 		<dependency>
 			<groupId>commons-cli</groupId>
 			<artifactId>commons-cli</artifactId>
-			<version>1.4</version>
+			<version>1.5.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -35,7 +35,7 @@
 		<dependency>
 			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
-			<version>1.15</version>
+			<version>1.16.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -59,7 +59,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-configuration2</artifactId>
-			<version>2.7</version>
+			<version>2.9.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -72,7 +72,7 @@
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.7</version>
+			<version>2.13.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -96,7 +96,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
-			<version>3.9</version>
+			<version>3.13.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -109,20 +109,21 @@
 			<groupId>commons-logging</groupId>
 			<artifactId>commons-logging</artifactId>
 			<version>1.2</version>
-			<exclusions>
-				<exclusion>
-					<groupId>*</groupId>
-					<artifactId>*</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
 
 
+                       <exclusions>
+                                <exclusion>
+                                        <groupId>*</groupId>
+                                        <artifactId>*</artifactId>
+                                </exclusion>
+                        </exclusions>
+                </dependency>
+
 
 		<dependency>
 			<groupId>com.google.guava</groupId>
 			<artifactId>guava</artifactId>
-			<version>30.0-jre</version>
+			<version>32.1.2-jre</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -206,7 +207,7 @@
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>
 			<artifactId>httpcore</artifactId>
-			<version>4.4.13</version>
+			<version>4.4.16</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -218,7 +219,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.11.2</version>
+			<version>2.15.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -230,7 +231,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.11.2</version>
+			<version>2.15.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -242,7 +243,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.11.2</version>
+			<version>2.15.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -291,7 +292,7 @@
 		<dependency>
 			<groupId>com.google.protobuf</groupId>
 			<artifactId>protobuf-java</artifactId>
-			<version>3.13.0</version>
+			<version>3.24.3</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -303,7 +304,7 @@
 		<dependency>
 			<groupId>com.google.re2j</groupId>
 			<artifactId>re2j</artifactId>
-			<version>1.4</version>
+			<version>1.7</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -317,19 +318,19 @@
 		    <artifactId>javax.servlet-api</artifactId>
 		    <version>4.0.1</version>
 		    <scope>provided</scope>
-					<exclusions>
-						<exclusion>
-							<groupId>*</groupId>
-							<artifactId>*</artifactId>
-						</exclusion>
-					</exclusions>
+			<exclusions>
+				<exclusion>
+					<groupId>*</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 
 
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.7.36</version>
+			<version>2.0.9</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -341,7 +342,7 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-log4j12</artifactId>
-			<version>1.7.36</version>
+			<version>2.0.9</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -365,7 +366,7 @@
 		<dependency>
 			<groupId>com.fasterxml.woodstox</groupId>
 			<artifactId>woodstox-core</artifactId>
-			<version>6.2.1</version>
+			<version>6.5.1</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -378,7 +379,7 @@
 		<dependency>
 	  		<groupId>org.apache.commons</groupId>
 	  		<artifactId>commons-compress</artifactId>
-	  		<version>1.20</version>
+	  		<version>1.24.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -387,17 +388,17 @@
 			</exclusions>
 		</dependency>
 
-	<dependency>
-	    <groupId>org.apache.hadoop.thirdparty</groupId>
-	    <artifactId>hadoop-shaded-protobuf_3_7</artifactId>
-	    <version>1.0.0</version>
-		<exclusions>
-			<exclusion>
-				<groupId>*</groupId>
-				<artifactId>*</artifactId>
-			</exclusion>
-		</exclusions>
-	</dependency>
+		<dependency>
+	    		<groupId>org.apache.hadoop.thirdparty</groupId>
+	    		<artifactId>hadoop-shaded-protobuf_3_7</artifactId>
+	    		<version>1.0.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>*</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
 
 
 	</dependencies>