
HADOOP-18949. upgrade maven dependency plugin due to CVE-2021-26291. (#6219)

Addresses CVE-2021-26291. "Origin Validation Error in Apache Maven"

Contributed by PJ Fanning.
PJ Fanning 1 year ago
parent
commit
0042544bf2
1 changed files with 32 additions and 2 deletions
  1. 32 2
      hadoop-maven-plugins/pom.xml

+ 32 - 2
hadoop-maven-plugins/pom.xml

@@ -26,26 +26,56 @@
   <packaging>maven-plugin</packaging>
   <name>Apache Hadoop Maven Plugins</name>
   <properties>
-    <maven.dependency.version>3.0.5</maven.dependency.version>
-    <maven.plugin-tools.version>3.6.0</maven.plugin-tools.version>
+    <maven.dependency.version>3.9.5</maven.dependency.version>
+    <maven.plugin-tools.version>3.10.1</maven.plugin-tools.version>
+    <plexus.classworlds.version>2.7.0</plexus.classworlds.version>
+    <sisu.inject.version>0.3.5</sisu.inject.version>
   </properties>
   <dependencies>
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-plugin-api</artifactId>
       <version>${maven.dependency.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.sisu</groupId>
+          <artifactId>org.eclipse.sisu.inject</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-classworlds</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-core</artifactId>
       <version>${maven.dependency.version}</version>
       <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.sisu</groupId>
+          <artifactId>org.eclipse.sisu.inject</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.sonatype.sisu</groupId>
           <artifactId>sisu-inject-plexus</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-classworlds</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-classworlds</artifactId>
+      <version>${plexus.classworlds.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.sisu</groupId>
+      <artifactId>org.eclipse.sisu.inject</artifactId>
+      <version>${sisu.inject.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.apache.maven.plugin-tools</groupId>
       <artifactId>maven-plugin-annotations</artifactId>
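Review bot: The two new pins, `plexus.classworlds.version` and `sisu.inject.version`, and the matching exclusions on `maven-plugin-api` and `maven-core` carry no comment saying why the transitive versions are replaced, so the next bump of `maven.dependency.version` can leave them out of step with what Maven itself declares. A comment above the properties such as `<!-- plexus-classworlds and sisu.inject are excluded from maven-core/maven-plugin-api and pinned below; re-check both when maven.dependency.version changes -->` would record that. Separately, CVE-2021-26291 concerns how Maven resolves repositories at build time, so this bump presumably changes the libraries the plugin compiles against rather than the Maven that runs the build; it is worth confirming the build also enforces a minimum Maven version, which this hunk does not show. The `<dependencies>` block continues past the end of the hunk.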