HIVE-28704: Upgrade pac4j core and opensamlv3 and exclude Javax.json to fix CVE-2023-7272 (#5620) (Indhumathi Muthumurugesh, reviewed by Shohei Okumiya)
Indhumathi27 authored Feb 6, 2025
1 parent fcb59c8 commit 04c1102
Showing 3 changed files with 10 additions and 2 deletions.
6 changes: 5 additions & 1 deletion pom.xml
Expand Up @@ -190,7 +190,7 @@
<netty.version>4.1.116.Final</netty.version>
<netty3.version>3.10.5.Final</netty3.version>
<!-- used by druid storage handler -->
<pac4j-saml.version>4.5.5</pac4j-saml.version>
<pac4j-saml.version>4.5.8</pac4j-saml.version>
<paranamer.version>2.8</paranamer.version>
<parquet.version>1.14.4</parquet.version>
<pig.version>0.16.0</pig.version>
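Review bot: The bumped `pac4j-saml.version` property still sits under the comment "used by druid storage handler", so nothing next to it records that 4.5.8 is a security floor. Suggest a short comment on that property naming HIVE-28704 and CVE-2023-7272, so a later dependency alignment does not move it back to 4.5.5. The commit title also mentions an opensamlv3 upgrade, but no opensaml property changes in these lines; if that upgrade arrives transitively through pac4j-saml, saying so in the comment would make it checkable.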
Expand Down Expand Up @@ -880,6 +880,10 @@
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
</exclusion>
<exclusion>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>
</exclusion>
<exclusion>
<!-- The dependency included in pac4j is old and has known CVEs.
We exclude it from here and add a separate dependency down below.-->
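Review bot: The new `org.glassfish:javax.json` exclusion has no comment and no replacement visible here, whereas the exclusion right after it explains that the bundled artifact has known CVEs and that a separate dependency is added further down. Please confirm that nothing on the pac4j code path loads javax.json classes at runtime once the jar is gone (otherwise the fix trades a CVE for a `NoClassDefFoundError`), and add a one-line comment naming CVE-2023-7272 as the reason for the exclusion.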
4 changes: 4 additions & 0 deletions service/pom.xml
Expand Up @@ -190,6 +190,10 @@
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
<exclusion>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
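Review bot: This repeats the `org.glassfish:javax.json` exclusion from the root pom.xml on one more dependency, which only removes the jar from these two paths; any other dependency that brings it in transitively would still put it on the classpath. Suggest checking the result with `mvn dependency:tree -Dincludes=org.glassfish:javax.json` across the modules and, if the intent is that the artifact never ships, enforcing it once with a maven-enforcer `bannedDependencies` rule instead of per-dependency exclusions. A comment like the one asked for in the root pom would also help here, since the neighbouring bcprov-jdk15on exclusion gives no reason either.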
2 changes: 1 addition & 1 deletion standalone-metastore/pom.xml
Expand Up @@ -108,7 +108,7 @@
<slf4j.version>1.7.30</slf4j.version>
<httpcomponents.core.version>4.4.13</httpcomponents.core.version>
<httpcomponents.client.version>4.5.13</httpcomponents.client.version>
<pac4j-core.version>4.5.5</pac4j-core.version>
<pac4j-core.version>4.5.8</pac4j-core.version>
<nimbus-jose-jwt.version>9.37.3</nimbus-jose-jwt.version>
<jetty.version>9.4.45.v20220203</jetty.version>
<javax.annotation-api.version>1.3.2</javax.annotation-api.version>
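Review bot: `pac4j-core.version` here is a second, independently maintained copy of the pac4j version; the root pom.xml carries `pac4j-saml.version`, and this commit had to bump both by hand from 4.5.5 to 4.5.8. Suggest a comment on this property stating that it must match the root pom's pac4j version, or a build-time check, so the metastore does not lag on the next security upgrade. This file gets only the version bump and no javax.json exclusion; worth confirming with `mvn dependency:tree` that the artifact is not resolved in this module.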

0 comments on commit 04c1102
