This is an automated email from the ASF dual-hosted git repository. joemcdonnell pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/impala.git
commit 83c5e6e4098d8ed75de09a7e228d6ef10de2ee12 Author: Michael Smith <[email protected]> AuthorDate: Mon Oct 17 15:09:08 2022 -0700 IMPALA-11670: Upgrade components, add envvars for override Upgrades guava to 31.1-jre and jackson-databind to 2.13.4.2 to address CVEs. Adds environment variables for commonly-updated components so they can be customized via the branch-specific impala-config-branch.sh in a way that allows both to be updated regularly without merge conflicts. Also updates httpcomponents.httpcore to 4.4.14 to be consistent with other httpcomponents libraries included transitively. Change-Id: I1c2c4481ca3f498abf302aa05361d950b1ed1216 Reviewed-on: http://gerrit.cloudera.org:8080/19147 Reviewed-by: Joe McDonnell <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- bin/impala-config.sh | 16 +++++++++++++++- java/pom.xml | 33 ++++++++++++++++++--------------- 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/bin/impala-config.sh b/bin/impala-config.sh index 4aef3bcf7..718984009 100755 --- a/bin/impala-config.sh +++ b/bin/impala-config.sh @@ -221,10 +221,24 @@ export APACHE_OZONE_VERSION=1.2.1 export ARCH_NAME=$(uname -p) +# Java dependencies that are not also runtime components. Declaring versions here allows +# other branches to override them in impala-config-branch.sh for cleaner patches. +export IMPALA_BOUNCY_CASTLE_VERSION=1.68 +export IMPALA_COS_VERSION=3.1.0-8.0.8 +export IMPALA_DERBY_VERSION=10.14.2.0 +export IMPALA_GUAVA_VERSION=31.1-jre export IMPALA_HUDI_VERSION=0.5.0-incubating +export IMPALA_HTTP_CORE_VERSION=4.4.14 +export IMPALA_JACKSON_DATABIND_VERSION=2.13.4.2 +export IMPALA_JSON_SMART_VERSION=2.4.7 +export IMPALA_JUNIT_VERSION=4.12 export IMPALA_KITE_VERSION=1.1.0 export IMPALA_ORC_JAVA_VERSION=1.7.6 -export IMPALA_COS_VERSION=3.1.0-8.0.8 +export IMPALA_PAC4J_VERSION=4.5.5 +export IMPALA_RELOAD4j_VERSION=1.2.22 +export IMPALA_SLF4J_VERSION=2.0.3 +export IMPALA_SPRINGFRAMEWORK_VERSION=5.3.20 +export IMPALA_XMLSEC_VERSION=2.2.3 # When Impala is building docker images on Redhat-based distributions, # it is useful to be able to customize the base image. Some users will diff --git a/java/pom.xml b/java/pom.xml index b4e75a17f..5a76a72f4 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -25,6 +25,11 @@ under the License. <packaging>pom</packaging> <name>Apache Impala Parent POM</name> + <!-- + When adding new properties to control library versions, also add them to + bin/impala-config.sh as environment variables so other branches can easily override + them in bin/impala-config-branch.sh for cleaner patches. + --> <properties> <surefire.reports.dir>${env.IMPALA_LOGS_DIR}/fe_tests</surefire.reports.dir> <jacoco.skip>true</jacoco.skip> @@ -53,30 +58,28 @@ under the License. <impala.query.event.hook.api.version>${project.version}</impala.query.event.hook.api.version> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <kudu.version>${env.IMPALA_KUDU_VERSION}</kudu.version> - <commons-io.version>2.6</commons-io.version> - <slf4j.version>2.0.3</slf4j.version> - <reload4j.version>1.2.22</reload4j.version> - <junit.version>4.12</junit.version> + <slf4j.version>${env.IMPALA_SLF4J_VERSION}</slf4j.version> + <reload4j.version>${env.IMPALA_RELOAD4j_VERSION}</reload4j.version> + <junit.version>${env.IMPALA_JUNIT_VERSION}</junit.version> <!-- Beware compatibility requirements with Thrift and KMS; see IMPALA-4210. --> - <httpcomponents.core.version>4.4.9</httpcomponents.core.version> + <httpcomponents.core.version>${env.IMPALA_HTTP_CORE_VERSION}</httpcomponents.core.version> <yarn-extras.version>${project.version}</yarn-extras.version> <eclipse.output.directory>eclipse-classes</eclipse.output.directory> <!-- hive-exec seems to leak this version of guava onto our classpath, so it's important to depend on the same one --> - <guava.version>28.1-jre</guava.version> - <derby.version>10.14.2.0</derby.version> - <jackson-databind.version>2.12.6.1</jackson-databind.version> + <guava.version>${env.IMPALA_GUAVA_VERSION}</guava.version> + <derby.version>${env.IMPALA_DERBY_VERSION}</derby.version> + <jackson-databind.version>${env.IMPALA_JACKSON_DATABIND_VERSION}</jackson-databind.version> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <iceberg.version>${env.IMPALA_ICEBERG_VERSION}</iceberg.version> - <pac4j.version>4.5.5</pac4j.version> + <pac4j.version>${env.IMPALA_PAC4J_VERSION}</pac4j.version> <!-- xmlsec, bcprov-jdk15on and springframework are not used by Impala directly, - but they are needed by pac4j. This uses a newer xmlsec/spring to address CVEs, - but bcprov-jdk15on matches the versions from pac4j 4.5.5. --> - <xmlsec.version>2.2.3</xmlsec.version> - <bouncy-castle.version>1.68</bouncy-castle.version> - <springframework.version>5.3.20</springframework.version> - <json-smart.version>2.4.7</json-smart.version> + but they are needed by pac4j. This uses newer versions to address CVEs. --> + <xmlsec.version>${env.IMPALA_XMLSEC_VERSION}</xmlsec.version> + <bouncy-castle.version>${env.IMPALA_BOUNCY_CASTLE_VERSION}</bouncy-castle.version> + <springframework.version>${env.IMPALA_SPRINGFRAMEWORK_VERSION}</springframework.version> + <json-smart.version>${env.IMPALA_JSON_SMART_VERSION}</json-smart.version> </properties> <repositories>
