v5.3.4 Vulnerability issues for 3rd party libraries fixed

IBMStreams · Oct 6, 2023 · 3acc43e · 3acc43e
1 parent ad6fc5a
commit 3acc43e
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 8 deletions.
diff --git a/com.ibm.streamsx.hdfs/CHANGELOG.md b/com.ibm.streamsx.hdfs/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changes
 =======
 
+## v5.3.4:
+* fix Vulnerabilities CVE-2022-42889,  CVE-2022-25168 and CVE-2021-33036
+  hadoop jar libraries upgraded to version 3.3.6
+
 ## v5.3.3:
-* [#133}fix Vulnerabilities in 3rd party jar libraries)
+* fix Vulnerabilities in 3rd party jar libraries
 
 ## v5.3.2:
 * [#133](https://github.com/IBMStreams/streamsx.hdfs/issues/140) slf4j jars updated (fix the log4j issue)

diff --git a/com.ibm.streamsx.hdfs/info.xml b/com.ibm.streamsx.hdfs/info.xml
@@ -211,9 +211,16 @@ The 'tempFile' parameter specifies the name of the file that the operator writes
 
 * pom.xml updated to use the latest apache libraries
 
+++ What is new in version 5.3.4
+
+* The Vulnerability issues for 3rd party libraries have been fixed
+* hadoop libraries upgraded to version 3.3.6
+* commons-cli upgraded to 1.5.0
+* commons-codecs upgraded to 1.16.1
+
 
 </description>
-    <version>5.3.3</version>
+    <version>5.3.4</version>
     <requiredProductVersion>4.2.0.0</requiredProductVersion>
   </identity>
   <dependencies/>

diff --git a/com.ibm.streamsx.hdfs/pom.xml b/com.ibm.streamsx.hdfs/pom.xml
@@ -8,7 +8,7 @@
 	<groupId>com.ibm.streamsx.hdfs</groupId>
 	<artifactId>streamsx.hdfs</artifactId>
 	<packaging>jar</packaging>
-	<version>5.3.3</version>
+	<version>5.3.4</version>
 	<name>com.ibm.streamsx.hdfs</name>
 	<repositories>
 		<repository>
@@ -135,7 +135,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-annotations</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -147,7 +147,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-auth</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -159,7 +159,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-common</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -171,7 +171,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-hdfs</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -183,7 +183,7 @@
 		<dependency>
 			<groupId>org.apache.hadoop</groupId>
 			<artifactId>hadoop-hdfs-client</artifactId>
-			<version>3.3.0</version>
+			<version>3.3.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>*</groupId>
@@ -192,6 +192,22 @@
 			</exclusions>
 		</dependency>
 
+
+		<dependency>
+    			<groupId>org.apache.hadoop.thirdparty</groupId>
+    			<artifactId>hadoop-shaded-guava</artifactId>
+    			<version>1.1.1</version>
+                        <exclusions>
+                                <exclusion>
+                                        <groupId>*</groupId>
+                                        <artifactId>*</artifactId>
+                                </exclusion>
+                        </exclusions>
+		</dependency>
+
+
+
+
 		<dependency>
 			<groupId>org.apache.htrace</groupId>
 			<artifactId>htrace-core4</artifactId>