Skip to content

Commit

Permalink
Upgrade apache pulsar to 3.3.2 to fix CVE-2024-47561 in Avro (branch-…
Browse files Browse the repository at this point in the history
…6.0) (#161)

* fix avro dependency

* fix avro exclusion
  • Loading branch information
nikhil-ctds authored Dec 6, 2024
1 parent 823730e commit 4df604b
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 0 deletions.
20 changes: 20 additions & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,16 @@
<groupId>${pulsar.groupId}</groupId>
<artifactId>pulsar-client-original</artifactId>
<version>${pulsar.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.avro</groupId>
<artifactId>avro-protobuf</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>${pulsar.groupId}</groupId>
Expand Down Expand Up @@ -188,6 +198,16 @@
<artifactId>jakarta.jms-api</artifactId>
<version>${jms.version}</version>
</dependency>
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
<version>1.11.4</version>
</dependency>
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro-protobuf</artifactId>
<version>1.11.4</version>
</dependency>
<dependency>
<groupId>org.awaitility</groupId>
<artifactId>awaitility</artifactId>
Expand Down
20 changes: 20 additions & 0 deletions pulsar-jms/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,16 @@
<dependency>
<groupId>${pulsar.groupId}</groupId>
<artifactId>pulsar-client-original</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.avro</groupId>
<artifactId>avro-protobuf</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>${pulsar.groupId}</groupId>
Expand Down Expand Up @@ -82,6 +92,16 @@
<artifactId>junit-jupiter-engine</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
<version>1.11.4</version>
</dependency>
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro-protobuf</artifactId>
<version>1.11.4</version>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-params</artifactId>
Expand Down

0 comments on commit 4df604b

Please sign in to comment.