Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Commit

Permalink
Patch Release 1.13.2.1 (#1179)
Browse files Browse the repository at this point in the history
* [CVE Patch] Version Bump: SpringFramework and GSON (#1178)

* [CVE Patch] Version Bump: SpringFramework

Signed-off-by: Peng Huo <[email protected]>

* [CVE Patch] Version Bump: gson

Signed-off-by: Peng Huo <[email protected]>

* Release 1.13.2.1

Signed-off-by: Peng Huo <[email protected]>
  • Loading branch information
penghuo authored Jul 19, 2022
1 parent 46649d1 commit 248dcaa
Show file tree
Hide file tree
Showing 6 changed files with 15 additions and 11 deletions.
6 changes: 3 additions & 3 deletions core/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@ repositories {
dependencies {
// https://github.com/google/guava/wiki/CVE-2018-10237
compile group: 'com.google.guava', name: 'guava', version: '29.0-jre'
compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
compile group: 'com.facebook.presto', name: 'presto-matching', version: '0.240'
compile project(':common')
Expand Down Expand Up @@ -74,4 +74,4 @@ jacocoTestCoverageVerification {
}))
}
}
check.dependsOn jacocoTestCoverageVerification
check.dependsOn jacocoTestCoverageVerification
3 changes: 2 additions & 1 deletion integ-test/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ configurations.all {
resolutionStrategy.force 'com.google.guava:guava:29.0-jre'
resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.10.5'
resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.11.4'
resolutionStrategy.force 'com.google.code.gson:gson:2.8.9'
}

dependencies {
Expand All @@ -50,7 +51,7 @@ dependencies {
}
testCompile group: 'com.h2database', name: 'h2', version: '1.4.200'
testCompile group: 'org.xerial', name: 'sqlite-jdbc', version: '3.28.0'
testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.9'
}

dependencyLicenses.enabled = false
Expand Down
2 changes: 1 addition & 1 deletion plugin/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ configurations.all {
}

dependencies {
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
compile project(":ppl")
compile project(':legacy')
compile project(':elasticsearch')
Expand Down
7 changes: 3 additions & 4 deletions ppl/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,9 @@ dependencies {
compile "org.antlr:antlr4-runtime:4.7.1"
// https://github.com/google/guava/wiki/CVE-2018-10237
compile group: 'com.google.guava', name: 'guava', version: '29.0-jre'
compile group: 'org.elasticsearch', name: 'elasticsearch-x-content', version: "${es_version}"
compile group: 'org.json', name: 'json', version: '20180813'
compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.11.1'
compile project(':common')
compile project(':core')
Expand Down Expand Up @@ -82,4 +81,4 @@ jacocoTestCoverageVerification {
}))
}
}
check.dependsOn jacocoTestCoverageVerification
check.dependsOn jacocoTestCoverageVerification
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
## 2022-7-20 Version 1.13.2.1

### Security Fix
* [CVE Patch] Version Bump: SpringFramework and GSON ([#1022](https://github.com/opendistro-for-elasticsearch/sql/pull/1178))
4 changes: 2 additions & 2 deletions sql/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@ dependencies {
// https://github.com/google/guava/wiki/CVE-2018-10237
implementation group: 'com.google.guava', name: 'guava', version: '29.0-jre'
compile group: 'org.json', name: 'json', version:'20180813'
compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE'
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
compile project(':common')
compile project(':core')
compile project(':protocol')
Expand Down

0 comments on commit 248dcaa

Please sign in to comment.