Skip to content

Commit

Permalink
Merge pull request #2237 from hongwei1/feature/fixedVulnerability
Browse files Browse the repository at this point in the history
refactor/vornerability - snakeyaml and commons-compress
  • Loading branch information
simonredfern authored Jun 30, 2023
2 parents d6a3038 + ce7b75b commit c364ff9
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
7 changes: 6 additions & 1 deletion obp-api/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>7.17.1</version>
<version>8.8.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.sksamuel.elastic4s/elastic4s-client-esjava -->
<dependency>
Expand Down Expand Up @@ -260,6 +260,11 @@
<artifactId>avro4s-core_${scala.version}</artifactId>
<version>${avro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.23.0</version>
</dependency>
<dependency>
<groupId>com.twitter</groupId>
<artifactId>chill-akka_${scala.version}</artifactId>
Expand Down
5 changes: 2 additions & 3 deletions obp-api/src/main/scala/code/search/search.scala
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,6 @@ import net.liftweb.json
import net.liftweb.json.JsonAST
import net.liftweb.json.JsonAST._
import net.liftweb.util.Helpers
import org.elasticsearch.common.settings.Settings

import scala.concurrent.Await
import scala.concurrent.duration.Duration
import scala.util.control.NoStackTrace
Expand Down Expand Up @@ -303,7 +301,8 @@ class elasticsearchWarehouse extends elasticsearch {
val props = ElasticProperties(s"http://$esHost:${esPortTCP.toInt}")
var client: ElasticClient = null
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_warehouse", false) ) {
val settings = Settings.builder().put("cluster.name", APIUtil.getPropsValue("es.cluster.name", "elasticsearch")).build()
//this is not used in the current code, first comment to solve the vulnerability issue
// val settings = Settings.builder().put("cluster.name", APIUtil.getPropsValue("es.cluster.name", "elasticsearch")).build()
client = ElasticClient(JavaClient(props))
}
}
Expand Down

0 comments on commit c364ff9

Please sign in to comment.