Skip to content

Commit 6ce1b08

Browse files
razvanrazvan
committed
fix(druid): CVE-2023-34455 
1 parent 6b8b7af commit 6ce1b08

File tree

1 file changed

+17
-5
lines changed

1 file changed

+17
-5
lines changed

druid/stackable/patches/30.0.0/02-prometheus-emitter-from-source.patch

Lines changed: 17 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,13 @@ Include Prometheus emitter in distribution
22

33
From: Lars Francke <[email protected]>
44

5-
6-
---
7-
0 files changed
5+
Update 2024-11-14: fix CVE-2023-34455
86

97
diff --git a/distribution/pom.xml b/distribution/pom.xml
10-
index d7cd645767..eda1ddcfab 100644
8+
index e27329e96d..ea79123ab3 100644
119
--- a/distribution/pom.xml
1210
+++ b/distribution/pom.xml
13-
@@ -464,6 +464,52 @@
11+
@@ -464,6 +464,66 @@
1412
</plugins>
1513
</build>
1614
</profile>
@@ -55,6 +53,20 @@ index d7cd645767..eda1ddcfab 100644
5553
+ </arguments>
5654
+ </configuration>
5755
+ </execution>
56+
+ <execution>
57+
+ <id>fix-cve-2023-34455-remove-snappy</id>
58+
+ <phase>package</phase>
59+
+ <goals>
60+
+ <goal>exec</goal>
61+
+ </goals>
62+
+ <configuration>
63+
+ <executable>rm</executable>
64+
+ <arguments>
65+
+ <argument>${project.build.directory}/hadoop-dependencies/hadoop-client-api/3.3.6/snappy-java-1.1.8.2.jar</argument>
66+
+ <argument>${project.build.directory}/hadoop-dependencies/hadoop-client-runtime/3.3.6/snappy-java-1.1.8.2.jar</argument>
67+
+ </arguments>
68+
+ </configuration>
69+
+ </execution>
5870
+ </executions>
5971
+ </plugin>
6072
+ </plugins>

0 commit comments

Comments
 (0)