[BugFix][CVE] CVE-2025-55163 fix, bump io.netty version (backport #62041) (#62057)

Signed-off-by: Kevin Cai <kevin.cai@celerdata.com>
Co-authored-by: Kevin Cai <caixiaohua@starrocks.com>
mergify[bot] 2025-08-19 04:51:47 +00:00 committed by GitHub
parent 89bc4ff068
commit 3e09498f8f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 29 additions and 7 deletions


@ -59,7 +59,7 @@ subprojects {
set("hive-apache.version", "3.1.2-22")
set("hudi.version", "1.0.2")
set("iceberg.version", "1.9.0")
set("io.netty.version", "4.1.118.Final")
set("io.netty.version", "4.1.124.Final")
set("jackson.version", "2.15.2")
set("jetty.version", "9.4.57.v20241219")
set("jprotobuf-starrocks.version", "1.0.0")


@ -62,7 +62,7 @@ under the License.
<kafka-clients.version>3.4.0</kafka-clients.version>
<arrow.version>18.0.0</arrow.version>
<grpc.version>1.63.0</grpc.version>
<io.netty.version>4.1.118.Final</io.netty.version>
<io.netty.version>4.1.124.Final</io.netty.version>
<puppycrawl.version>10.21.1</puppycrawl.version>
<aws-v2-sdk.version>2.29.52</aws-v2-sdk.version>
<avro.version>1.12.0</avro.version>


@ -132,6 +132,10 @@ under the License.
<artifactId>avro</artifactId>
<groupId>org.apache.avro</groupId>
</exclusion>
<exclusion>
<groupId>io.netty</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
@ -149,6 +153,10 @@ under the License.
<artifactId>com.fasterxml.jackson.core</artifactId>
<groupId>jackson-databind</groupId>
</exclusion>
<exclusion>
<groupId>io.netty</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
@ -267,6 +275,11 @@ under the License.
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
</dependency>
</dependencies>
<build>
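Review bot: The `netty-all` dependency added at the end of `<dependencies>` has no comment explaining that it replaces the Netty modules removed by the two new `io.netty:*` wildcard exclusions, so a later cleanup could drop it as an apparently unused direct dependency. A line such as `<!-- Netty pinned for CVE-2025-55163; transitive io.netty artifacts are excluded above -->` just before it would record the intent. The entry also carries no `<version>`, so it presumably relies on a parent `<dependencyManagement>` entry tied to `${io.netty.version}` that is not visible in this hunk. It is worth confirming from the resolved dependency tree that only 4.1.124.Final Netty artifacts remain. The `<dependency>` elements that receive the exclusions start outside their hunks.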


@ -50,6 +50,7 @@ under the License.
<jackson.version>2.18.3</jackson.version>
<avro.version>1.11.4</avro.version>
<jetty.version>9.4.57.v20241219</jetty.version>
<io.netty.version>4.1.124.Final</io.netty.version>
</properties>
<profiles>
@ -205,8 +206,8 @@ under the License.
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<version>4.1.118.Final</version>
<artifactId>netty-all</artifactId>
<version>${io.netty.version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-auth -->
@ -229,8 +230,8 @@ under the License.
<version>${zookeeper.version}</version>
<exclusions>
<exclusion>
<artifactId>io.netty</artifactId>
<groupId>netty-handler</groupId>
<groupId>io.netty</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
@ -256,6 +257,10 @@ under the License.
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
</exclusion>
<exclusion>
<groupId>io.netty</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
@ -275,6 +280,10 @@ under the License.
<artifactId>com.fasterxml.jackson.core</artifactId>
<groupId>jackson-databind</groupId>
</exclusion>
<exclusion>
<groupId>io.netty</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
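Review bot: The `jackson-databind` exclusion in the context of the last hunk still has its coordinates swapped (`<artifactId>com.fasterxml.jackson.core</artifactId>` with `<groupId>jackson-databind</groupId>`), so it most likely matches nothing. This looks like the same mistake the commit appears to correct for Netty in the zookeeper exclusion. Writing it as `<groupId>com.fasterxml.jackson.core</groupId>` and `<artifactId>jackson-databind</artifactId>` would make it take effect, so first check that jackson-databind is still supplied directly at the intended version. The same swapped pair appears in the `-149,6 +153,10` hunk of the previous pom. The enclosing `<dependency>` elements start outside the hunks.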


@ -41,7 +41,7 @@
<jni-connector.version>1.0.0</jni-connector.version>
<hadoop-ext.version>1.0.0</hadoop-ext.version>
<java-utils.version>1.0.0</java-utils.version>
<io.netty.version>4.1.118.Final</io.netty.version>
<io.netty.version>4.1.124.Final</io.netty.version>
<protobuf-java.version>3.25.5</protobuf-java.version>
<nimbusds.version>9.37.2</nimbusds.version>
<commons-io.version>2.14.0</commons-io.version>