'flume git commit: FLUME-3132. Upgrade tomcat jasper library dependencies'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       flume-commits
Subject:    flume git commit: FLUME-3132. Upgrade tomcat jasper library dependencies
From:       denes () apache ! org
Date:       2017-08-24 18:18:58
Message-ID: e09d8d1d6f46425688784d57f384a163 () git ! apache ! org
[Download RAW message or body]

Repository: flume
Updated Branches:
  refs/heads/trunk 3cd1b3313 -> 0cc7542dd


FLUME-3132. Upgrade tomcat jasper library dependencies

Exclude the vulnerable jasper library transitive dependencies from hadoop, hbase
dependencies.

This closes #152

Reviewers: Attila Simon, Miklos Csanady

(Ferenc Szabo via Denes Arvay)


Project: http://git-wip-us.apache.org/repos/asf/flume/repo
Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/0cc7542d
Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/0cc7542d
Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/0cc7542d

Branch: refs/heads/trunk
Commit: 0cc7542ddc18239754befb19408dc3aca4337a66
Parents: 3cd1b33
Author: Ferenc Szabo <fszabo@cloudera.com>
Authored: Mon Aug 14 18:34:33 2017 +0200
Committer: Denes Arvay <denes@apache.org>
Committed: Thu Aug 24 18:43:11 2017 +0200

----------------------------------------------------------------------
 pom.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flume/blob/0cc7542d/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c0bd052..e901248 100644
--- a/pom.xml
+++ b/pom.xml
@@ -210,6 +210,16 @@ limitations under the License.
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-hdfs</artifactId>
             <version>${hadoop.version}</version>
+            <exclusions>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-compiler</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-runtime</artifactId>
+              </exclusion>
+            </exclusions>
           </dependency>
           <dependency>
             <groupId>org.apache.hadoop</groupId>
@@ -220,6 +230,16 @@ limitations under the License.
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-minicluster</artifactId>
             <version>${hadoop.version}</version>
+            <exclusions>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-compiler</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-runtime</artifactId>
+              </exclusion>
+            </exclusions>
           </dependency>
           <dependency>
             <groupId>org.apache.hadoop</groupId>
@@ -292,11 +312,31 @@ limitations under the License.
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-hdfs</artifactId>
             <version>${hadoop.version}</version>
+            <exclusions>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-compiler</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-runtime</artifactId>
+              </exclusion>
+            </exclusions>
           </dependency>
           <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-minicluster</artifactId>
             <version>${hadoop.version}</version>
+            <exclusions>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-compiler</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-runtime</artifactId>
+              </exclusion>
+            </exclusions>
           </dependency>
           <dependency>
             <groupId>org.apache.hadoop</groupId>
@@ -362,6 +402,16 @@ limitations under the License.
             <artifactId>hbase-server</artifactId>
             <version>${hbase.version}</version>
             <scope>test</scope>
+            <exclusions>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-compiler</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-runtime</artifactId>
+              </exclusion>
+            </exclusions>
           </dependency>
 
           <dependency>
@@ -370,6 +420,16 @@ limitations under the License.
             <version>${hbase.version}</version>
             <classifier>tests</classifier>
             <scope>test</scope>
+            <exclusions>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-compiler</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>tomcat</groupId>
+                <artifactId>jasper-runtime</artifactId>
+              </exclusion>
+            </exclusions>
           </dependency>
 
           <dependency>
@@ -1053,6 +1113,16 @@ limitations under the License.
         <artifactId>hadoop-common</artifactId>
         <version>${hadoop.version}</version>
         <optional>true</optional>
+        <exclusions>
+          <exclusion>
+            <groupId>tomcat</groupId>
+            <artifactId>jasper-compiler</artifactId>
+          </exclusion>
+          <exclusion>
+            <groupId>tomcat</groupId>
+            <artifactId>jasper-runtime</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
 
       <dependency>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic