Skip to content

Commit

Permalink
Fix PRISMA-2023-0067 in main.jar (#16169)
Browse files Browse the repository at this point in the history
  • Loading branch information
valenad1 authored Jun 26, 2024
1 parent 62d0afe commit a5eb7b9
Showing 1 changed file with 3 additions and 5 deletions.
8 changes: 3 additions & 5 deletions h2o-assemblies/main/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,10 @@ dependencies {
api "com.google.protobuf:protobuf-java:3.21.7"

constraints {
api('com.fasterxml.jackson.core:jackson-databind:2.13.4.2') {
api('com.fasterxml.jackson.core:jackson-databind:2.16.1') {
because 'Fixes CVE-2022-42003'
because 'Fixes PRISMA-2023-0067'
because 'Fixes CVE-2023-35116'
}
api('org.jetbrains.kotlin:kotlin-stdlib:1.6.21') {
because 'Fixes CVE-2020-29582'
Expand Down Expand Up @@ -93,10 +95,6 @@ shadowJar {
zip64 true
mergeServiceFiles()
classifier = ''
// CDH 5.3.0 provides joda-time v1.6 which is too old, shadow the library instead
if (!project.hasProperty("jacocoCoverage")) {
relocate 'org.joda.time', 'ai.h2o.org.joda.time'
}
exclude 'META-INF/*.DSA'
exclude 'META-INF/*.SF'
exclude 'synchronize.properties'
Expand Down

0 comments on commit a5eb7b9

Please sign in to comment.