Browse Source

issue-10356: upgrade logback to fix cve (#10357)

(cherry picked from commit d044e0479d)
3.0.0/version-upgrade
PJ Fanning 3 years ago committed by devosend
parent
commit
67f6c003f7
  1. 4
      dolphinscheduler-dist/release-docs/LICENSE
  2. 2
      pom.xml
  3. 4
      tools/dependencies/known-dependencies.txt

4
dolphinscheduler-dist/release-docs/LICENSE vendored

@ -506,8 +506,8 @@ EPL licenses
The following components are provided under the EPL License. See project link for details.
The text of each license is also included at licenses/LICENSE-[project].txt.
aspectjweaver 1.9.7:https://mvnrepository.com/artifact/org.aspectj/aspectjweaver/1.9.7, EPL 1.0
logback-classic 1.2.3: https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.3, EPL 1.0 and LGPL 2.1
logback-core 1.2.3: https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.3, EPL 1.0 and LGPL 2.1
logback-classic 1.2.11: https://mvnrepository.com/artifact/ch.qos.logback/logback-classic/1.2.11, EPL 1.0 and LGPL 2.1
logback-core 1.2.11: https://mvnrepository.com/artifact/ch.qos.logback/logback-core/1.2.11, EPL 1.0 and LGPL 2.1
h2-1.4.200 https://github.com/h2database/h2database/blob/master/LICENSE.txt, MPL 2.0 or EPL 1.0
========================================================================

2
pom.xml

@ -55,7 +55,7 @@
<spring.version>5.3.12</spring.version>
<spring.boot.version>2.5.6</spring.boot.version>
<java.version>1.8</java.version>
<logback.version>1.2.3</logback.version>
<logback.version>1.2.11</logback.version>
<hadoop.version>2.7.3</hadoop.version>
<quartz.version>2.3.2</quartz.version>
<jackson.version>2.10.5</jackson.version>

4
tools/dependencies/known-dependencies.txt

@ -151,8 +151,8 @@ libfb303-0.9.3.jar
libthrift-0.9.3.jar
log4j-1.2-api-2.14.1.jar
log4j-1.2.17.jar
logback-classic-1.2.3.jar
logback-core-1.2.3.jar
logback-classic-1.2.11.jar
logback-core-1.2.11.jar
lz4-1.3.0.jar
mapstruct-1.2.0.Final.jar
micrometer-core-1.7.5.jar

Loading…
Cancel
Save