Bump up Kafka client to 2.8.1 to fix CVE-2021-38153. (#9949)

671cb029 · wu-sheng · GitHub · d5388683 · 671cb029 · 671cb029
Showing with 14 addition and 13 deletion

dist-material/release-docs/LICENSE dist-material/release-docs/LICENSE +11 -11

docs/en/changes/changes.md docs/en/changes/changes.md +2 -1

oap-server-bom/pom.xml oap-server-bom/pom.xml +1 -1

未找到文件。
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -355,6 +355,7 @@ The text of each license is the standard Apache 2.0 license.
    https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13 Apache-2.0
    https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.13 Apache-2.0
    https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore-nio/4.4.13 Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.8.1 Apache-2.0
    https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.17.1 Apache-2.0
    https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.1 Apache-2.0
    https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1 Apache-2.0
@@ -378,30 +379,21 @@ The text of each license is the standard Apache 2.0 license.
    https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-jdk8/1.6.4 Apache-2.0
    https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-reactive/1.6.4 Apache-2.0
    https://mvnrepository.com/artifact/org.jetbrains/annotations/13.0 Apache-2.0
-    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.6.0 Apache-2.0
+    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.7.1 Apache-2.0
    https://mvnrepository.com/artifact/org.mvel/mvel2/2.4.8.Final Apache-2.0
    https://mvnrepository.com/artifact/org.slf4j/jcl-over-slf4j/1.7.30 Apache-2.0
    https://mvnrepository.com/artifact/org.slf4j/log4j-over-slf4j/1.7.30 Apache-2.0
    https://mvnrepository.com/artifact/org.slf4j/slf4j-api/1.7.30 Apache-2.0
-    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.7.3 Apache-2.0
+    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.8.1 Apache-2.0
    https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.33 Apache-2.0
    https://npmjs.com/package/typescript/v/4.4.4 4.4.4 Apache-2.0

-========================================================================
-Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause licenses
-========================================================================
-The following components are provided under the Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause License. See project link for details.
-The text of each license is also included in licenses/LICENSE-[project].txt.
-
-    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.4.1 Apache-2.0 and CDDL-1.1 and BSD-3-Clause and BSD-2-Clause
-
 ========================================================================
 BSD-2-Clause licenses
 ========================================================================
 The following components are provided under the BSD-2-Clause License. See project link for details.
 The text of each license is also included in licenses/LICENSE-[project].txt.

-    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.3-1 BSD-2-Clause
    https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.1 BSD-2-Clause

 ========================================================================
@@ -629,6 +621,14 @@ The text of each license is also included in licenses/LICENSE-[project].txt.

    https://mvnrepository.com/artifact/com.google.re2j/re2j/1.5 https://golang.org/LICENSE

+========================================================================
+https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License licenses
+========================================================================
+The following components are provided under the https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License License. See project link for details.
+The text of each license is also included in licenses/LICENSE-[project].txt.
+
+    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.9-1 https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License
+
 ========================================================================
 https://spdx.org/licenses/MIT-0.html licenses
 ========================================================================

--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -105,7 +105,8 @@
 * Support span attached event concept in Zipkin and SkyWalking trace query.
 * Support span attached events on Zipkin lens UI.
 * Force UTF-8 encoding in `JsonLogHandler` of `kafka-fetcher-plugin`.
-* Fix max length to 512 of entity, instance and endpoint IDs in trace, log, profiling, topN tables(JDBC storages). The value was 200 by default. 
+* Fix max length to 512 of entity, instance and endpoint IDs in trace, log, profiling, topN tables(JDBC storages). The value was 200 by default.
+* Bump up Kafka client to 2.8.1 to fix CVE-2021-38153.

 #### UI


--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -74,7 +74,7 @@
        <httpcore.version>4.4.13</httpcore.version>
        <commons-compress.version>1.21</commons-compress.version>
        <banyandb-java-client.version>0.2.0</banyandb-java-client.version>
-        <kafka-clients.version>2.4.1</kafka-clients.version>
+        <kafka-clients.version>2.8.1</kafka-clients.version>
        <spring-kafka-test.version>2.4.6.RELEASE</spring-kafka-test.version>
    </properties>