From 9edfd465ae86abeebaf8b613b2b1f52b717d5869 Mon Sep 17 00:00:00 2001
From: nao <56360298+nao-it@users.noreply.github.com>
Date: Fri, 10 Mar 2023 18:27:22 +0300
Subject: [PATCH] HADOOP-18646. Upgrade Netty to 4.1.89.Final to fix
CVE-2022-41881 (#5435)
This fixes CVE-2022-41881.
This also upgrades io.opencensus dependencies to 0.12.3
Contributed by Aleksandr Nikolaev
(cherry picked from commit 734f7abfb8b84a4c20dbae5073cf2d4fb60adc1c)
Conflicts:
hadoop-project/pom.xml
Change-Id: I26b8961725706370ac5f0fa248d0b0333034a047
---
LICENSE-binary | 8 ++------
hadoop-project/pom.xml | 2 +-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index fe96670a9edcd..2199d9d11a9eb 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -295,12 +295,8 @@ io.netty:netty-resolver-dns-classes-macos:4.1.77.Final
io.netty:netty-transport-native-epoll:4.1.77.Final
io.netty:netty-transport-native-kqueue:4.1.77.Final
io.netty:netty-resolver-dns-native-macos:4.1.77.Final
-io.opencensus:opencensus-api:0.24.0
-io.opencensus:opencensus-contrib-grpc-metrics:0.24.0
-io.opentracing:opentracing-api:0.33.0
-io.opentracing:opentracing-noop:0.33.0
-io.opentracing:opentracing-util:0.33.0
-io.perfmark:perfmark-api:0.19.0
+io.opencensus:opencensus-api:0.12.3
+io.opencensus:opencensus-contrib-grpc-metrics:0.12.3
io.reactivex:rxjava:1.3.8
io.reactivex:rxjava-string:1.1.1
io.reactivex:rxnetty:0.4.20
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 8a27afbf85be8..d83d994623974 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -144,7 +144,7 @@
2.9.0
3.2.4
3.10.6.Final
- 4.1.77.Final
+ 4.1.89.Final
1.1.8.2
1.7.1