apache/celeborn
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
80458d18fa
celeborn/dev
History
pengqli 80458d18fa upgrade snappy-java from 1.1.8.2 to 1.1.10.5 
### What changes were proposed in this pull request?
upgrade snappy-java from 1.1.8.2 to 1.1.10.5 reducing direct CVE vulnerabilities

### Why are the changes needed?
The snappy-java 1.1.8.2 version has the follow CVE vulnerabilities, see
https://scout.docker.com/vulnerabilities/id/CVE-2023-43642
https://scout.docker.com/vulnerabilities/id/CVE-2023-34455

### Does this PR introduce _any_ user-facing change?
No any user-facing change

### How was this patch tested?
`./build/make-distribution.sh` to package and run test on the local

Closes #2143 from dev-lpq/update_snappy_java.

Authored-by: pengqli <pengqli@cisco.com>
Signed-off-by: zky.zhoukeyong <zky.zhoukeyong@alibaba-inc.com>
2023-12-11 18:38:06 +08:00
..
deps upgrade snappy-java from 1.1.8.2 to 1.1.10.5 2023-12-11 18:38:06 +08:00
checkout_pr.sh [INFRA] Inroduce checkout_pr.sh shell script (#968) 2022-11-14 22:28:43 +08:00
dependencies.sh [CELEBORN-1092] Introduce JVM monitoring in Celeborn Worker using JVMQuake 2023-11-28 20:45:08 +08:00
merge_pr.py [CELEBORN-937][INFRA] Improve branch suggestion for backporting 2023-09-01 00:20:42 +08:00
reformat [CELEBORN-1105][FLINK] Support Flink 1.18 2023-11-06 15:53:39 +08:00