Fix CVE-2023-35165, CVE-2023-34455, CVE-2023-34453, CVE-2023-34454, C… (

#2948) (#2952) * Fix CVE-2023-35165, CVE-2023-34455, CVE-2023-34453, CVE-2023-34454, CVE-2023-2976 Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com> * Updated snappy version in build.gradle files Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com> --------- Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com> (cherry picked from commit 8e2145c) Co-authored-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
opensearch-project · Jul 11, 2023 · d6db47b · d6db47b
1 parent a9d35cf
commit d6db47b
Show file tree

Hide file tree

Showing 6 changed files with 570 additions and 272 deletions.
diff --git a/build.gradle b/build.gradle
@@ -174,6 +174,8 @@ subprojects {
                 }
             } else if (details.requested.group == 'log4j' && details.requested.name == 'log4j') {
                 details.useTarget group: 'org.apache.logging.log4j', name: 'log4j-1.2-api', version: '2.17.1'
+            } else if (details.requested.group == 'org.xerial.snappy' && details.requested.name == 'snappy-java') {
+                details.useTarget group: 'org.xerial.snappy', name: 'snappy-java', version: '1.1.10.1'
             }
         }
     }

diff --git a/data-prepper-plugins/common/build.gradle b/data-prepper-plugins/common/build.gradle
@@ -21,7 +21,7 @@ dependencies {
     implementation 'io.micrometer:micrometer-core'
     testImplementation testLibs.junit.vintage
     implementation 'org.apache.parquet:parquet-common:1.12.3'
-    implementation 'org.xerial.snappy:snappy-java:1.1.9.1'
+    implementation 'org.xerial.snappy:snappy-java:1.1.10.1'
     testImplementation project(':data-prepper-plugins:blocking-buffer')
     testImplementation 'commons-io:commons-io:2.12.0'
     testImplementation testLibs.mockito.inline

diff --git a/data-prepper-plugins/s3-source/build.gradle b/data-prepper-plugins/s3-source/build.gradle
@@ -29,7 +29,7 @@ dependencies {
     implementation 'org.hibernate.validator:hibernate-validator:7.0.5.Final'
     implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-csv'
     implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.14.2'
-    implementation 'org.xerial.snappy:snappy-java:1.1.9.1'
+    implementation 'org.xerial.snappy:snappy-java:1.1.10.1'
     implementation 'org.apache.parquet:parquet-common:1.12.3'
     testImplementation 'org.apache.commons:commons-lang3:3.12.0'
     testImplementation 'com.github.tomakehurst:wiremock:3.0.0-beta-8'