From d1958146c12affb1fe3eabc5823bb4eeb6c0badc Mon Sep 17 00:00:00 2001 From: Olivier VERMEULEN Date: Sun, 24 Sep 2023 05:43:40 +0200 Subject: [PATCH] Update shiro to 1.12.0 for CVE-2023-34478 (#7884) --- .../src/test/resources/expected-pom.xml | 2 +- .../plugins/DependencyConstraints.groovy | 2 +- .../resources/assembly_content.txt | 18 +++++++++--------- .../resources/gfsh_dependency_classpath.txt | 18 +++++++++--------- .../resources/dependency_classpath.txt | 18 +++++++++--------- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml index c120e5a6b5d..1ff396799b2 100644 --- a/boms/geode-all-bom/src/test/resources/expected-pom.xml +++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml @@ -330,7 +330,7 @@ org.apache.shiro shiro-core - 1.10.0 + 1.12.0 org.assertj diff --git a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy index 58c55d6c01d..d4c841c7170 100644 --- a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy +++ b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy @@ -41,7 +41,7 @@ class DependencyConstraints { deps.put("jgroups.version", "3.6.14.Final") deps.put("log4j.version", "2.17.2") deps.put("micrometer.version", "1.9.1") - deps.put("shiro.version", "1.10.0") + deps.put("shiro.version", "1.12.0") deps.put("slf4j-api.version", "1.7.32") deps.put("jboss-modules.version", "1.11.0.Final") deps.put("jackson.version", "2.13.3") diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt b/geode-assembly/src/integrationTest/resources/assembly_content.txt index bbed00cd727..c83ce9f3fd4 100644 --- a/geode-assembly/src/integrationTest/resources/assembly_content.txt +++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt @@ -1047,15 +1047,15 @@ lib/mx4j-remote-3.0.2.jar lib/mx4j-tools-3.0.1.jar lib/ra.jar lib/rmiio-2.1.2.jar -lib/shiro-cache-1.10.0.jar -lib/shiro-config-core-1.10.0.jar -lib/shiro-config-ogdl-1.10.0.jar -lib/shiro-core-1.10.0.jar -lib/shiro-crypto-cipher-1.10.0.jar -lib/shiro-crypto-core-1.10.0.jar -lib/shiro-crypto-hash-1.10.0.jar -lib/shiro-event-1.10.0.jar -lib/shiro-lang-1.10.0.jar +lib/shiro-cache-1.12.0.jar +lib/shiro-config-core-1.12.0.jar +lib/shiro-config-ogdl-1.12.0.jar +lib/shiro-core-1.12.0.jar +lib/shiro-crypto-cipher-1.12.0.jar +lib/shiro-crypto-core-1.12.0.jar +lib/shiro-crypto-hash-1.12.0.jar +lib/shiro-event-1.12.0.jar +lib/shiro-lang-1.12.0.jar lib/slf4j-api-1.7.32.jar lib/slf4j-api-1.7.36.jar lib/snappy-0.4.jar diff --git a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt index 0756871fc42..a965f89a3a8 100644 --- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt +++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt @@ -47,8 +47,8 @@ antlr-2.7.7.jar istack-commons-runtime-4.0.1.jar jaxb-impl-2.3.2.jar commons-validator-1.7.jar -shiro-core-1.10.0.jar -shiro-config-ogdl-1.10.0.jar +shiro-core-1.12.0.jar +shiro-config-ogdl-1.12.0.jar commons-beanutils-1.9.4.jar commons-codec-1.15.jar commons-collections-3.2.2.jar @@ -69,13 +69,13 @@ jna-platform-5.11.0.jar jna-5.11.0.jar snappy-0.4.jar jgroups-3.6.14.Final.jar -shiro-cache-1.10.0.jar -shiro-crypto-hash-1.10.0.jar -shiro-crypto-cipher-1.10.0.jar -shiro-config-core-1.10.0.jar -shiro-event-1.10.0.jar -shiro-crypto-core-1.10.0.jar -shiro-lang-1.10.0.jar +shiro-cache-1.12.0.jar +shiro-crypto-hash-1.12.0.jar +shiro-crypto-cipher-1.12.0.jar +shiro-config-core-1.12.0.jar +shiro-event-1.12.0.jar +shiro-crypto-core-1.12.0.jar +shiro-lang-1.12.0.jar slf4j-api-1.7.36.jar spring-beans-5.3.21.jar javax.activation-api-1.2.0.jar diff --git a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt index 0107d3cfeef..c7839421a0a 100644 --- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt +++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt @@ -1,8 +1,8 @@ spring-web-5.3.21.jar -shiro-event-1.10.0.jar -shiro-crypto-hash-1.10.0.jar -shiro-crypto-cipher-1.10.0.jar -shiro-config-core-1.10.0.jar +shiro-event-1.12.0.jar +shiro-crypto-hash-1.12.0.jar +shiro-crypto-cipher-1.12.0.jar +shiro-config-core-1.12.0.jar commons-digester-2.1.jar commons-validator-1.7.jar spring-jcl-5.3.21.jar @@ -23,11 +23,11 @@ geode-cq-0.0.0.jar geode-old-client-support-0.0.0.jar javax.servlet-api-3.1.0.jar jgroups-3.6.14.Final.jar -shiro-cache-1.10.0.jar +shiro-cache-1.12.0.jar httpcore-4.4.15.jar spring-beans-5.3.21.jar lucene-queries-6.6.6.jar -shiro-core-1.10.0.jar +shiro-core-1.12.0.jar HikariCP-4.0.3.jar slf4j-api-1.7.32.jar geode-http-service-0.0.0.jar @@ -63,7 +63,7 @@ jetty-io-9.4.47.v20220610.jar geode-deployment-legacy-0.0.0.jar commons-beanutils-1.9.4.jar log4j-core-2.17.2.jar -shiro-crypto-core-1.10.0.jar +shiro-crypto-core-1.12.0.jar jaxb-api-2.3.1.jar geode-unsafe-0.0.0.jar spring-shell-1.2.0.RELEASE.jar @@ -73,14 +73,14 @@ log4j-jul-2.17.2.jar HdrHistogram-2.1.12.jar jackson-annotations-2.13.3.jar micrometer-core-1.9.1.jar -shiro-config-ogdl-1.10.0.jar +shiro-config-ogdl-1.12.0.jar geode-log4j-0.0.0.jar lucene-analyzers-phonetic-6.6.6.jar spring-context-5.3.21.jar jetty-security-9.4.47.v20220610.jar geode-logging-0.0.0.jar commons-io-2.11.0.jar -shiro-lang-1.10.0.jar +shiro-lang-1.12.0.jar javax.transaction-api-1.3.jar geode-common-0.0.0.jar antlr-2.7.7.jar