Skip to content
This repository was archived by the owner on Aug 2, 2022. It is now read-only.

Commit 248dcaa

Browse files
authored
Patch Release 1.13.2.1 (#1179)
* [CVE Patch] Version Bump: SpringFramework and GSON (#1178) * [CVE Patch] Version Bump: SpringFramework Signed-off-by: Peng Huo <penghuo@gmail.com> * [CVE Patch] Version Bump: gson Signed-off-by: Peng Huo <penghuo@gmail.com> * Release 1.13.2.1 Signed-off-by: Peng Huo <penghuo@gmail.com>
1 parent 46649d1 commit 248dcaa

File tree

6 files changed

+15
-11
lines changed

6 files changed

+15
-11
lines changed

core/build.gradle

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,8 @@ repositories {
1717
dependencies {
1818
// https://github.com/google/guava/wiki/CVE-2018-10237
1919
compile group: 'com.google.guava', name: 'guava', version: '29.0-jre'
20-
compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE'
21-
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
20+
compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE'
21+
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
2222
compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
2323
compile group: 'com.facebook.presto', name: 'presto-matching', version: '0.240'
2424
compile project(':common')
@@ -74,4 +74,4 @@ jacocoTestCoverageVerification {
7474
}))
7575
}
7676
}
77-
check.dependsOn jacocoTestCoverageVerification
77+
check.dependsOn jacocoTestCoverageVerification

integ-test/build.gradle

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ configurations.all {
3030
resolutionStrategy.force 'com.google.guava:guava:29.0-jre'
3131
resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.10.5'
3232
resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.11.4'
33+
resolutionStrategy.force 'com.google.code.gson:gson:2.8.9'
3334
}
3435

3536
dependencies {
@@ -50,7 +51,7 @@ dependencies {
5051
}
5152
testCompile group: 'com.h2database', name: 'h2', version: '1.4.200'
5253
testCompile group: 'org.xerial', name: 'sqlite-jdbc', version: '3.28.0'
53-
testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
54+
testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.9'
5455
}
5556

5657
dependencyLicenses.enabled = false

plugin/build.gradle

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ configurations.all {
3939
}
4040

4141
dependencies {
42-
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
42+
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
4343
compile project(":ppl")
4444
compile project(':legacy')
4545
compile project(':elasticsearch')

ppl/build.gradle

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,9 @@ dependencies {
2727
compile "org.antlr:antlr4-runtime:4.7.1"
2828
// https://github.com/google/guava/wiki/CVE-2018-10237
2929
compile group: 'com.google.guava', name: 'guava', version: '29.0-jre'
30-
compile group: 'org.elasticsearch', name: 'elasticsearch-x-content', version: "${es_version}"
3130
compile group: 'org.json', name: 'json', version: '20180813'
32-
compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE'
33-
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
31+
compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE'
32+
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
3433
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.11.1'
3534
compile project(':common')
3635
compile project(':core')
@@ -82,4 +81,4 @@ jacocoTestCoverageVerification {
8281
}))
8382
}
8483
}
85-
check.dependsOn jacocoTestCoverageVerification
84+
check.dependsOn jacocoTestCoverageVerification
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
## 2022-7-20 Version 1.13.2.1
2+
3+
### Security Fix
4+
* [CVE Patch] Version Bump: SpringFramework and GSON ([#1022](https://github.com/opendistro-for-elasticsearch/sql/pull/1178))

sql/build.gradle

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,8 @@ dependencies {
2828
// https://github.com/google/guava/wiki/CVE-2018-10237
2929
implementation group: 'com.google.guava', name: 'guava', version: '29.0-jre'
3030
compile group: 'org.json', name: 'json', version:'20180813'
31-
compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE'
32-
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE'
31+
compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE'
32+
compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE'
3333
compile project(':common')
3434
compile project(':core')
3535
compile project(':protocol')

0 commit comments

Comments
 (0)