[Core] fix GH security issues (apache#7448)

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. Signed-off-by: Yuan Zhou <[email protected]>
mskapilks · Oct 10, 2024 · 9ae7136 · 9ae7136
1 parent b07c3d5
commit 9ae7136
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/backends-clickhouse/pom.xml b/backends-clickhouse/pom.xml
@@ -177,7 +177,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.11.0</version>
+      <version>2.14.0</version>
       <scope>provided</scope>
     </dependency>
     <!-- Fasterxml -->

diff --git a/backends-velox/pom.xml b/backends-velox/pom.xml
@@ -132,7 +132,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.11.0</version>
+      <version>2.14.0</version>
       <scope>provided</scope>
     </dependency>
     <dependency>

diff --git a/gluten-substrait/pom.xml b/gluten-substrait/pom.xml
@@ -185,7 +185,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.11.0</version>
+      <version>2.14.0</version>
       <scope>provided</scope>
     </dependency>
 

diff --git a/gluten-ut/pom.xml b/gluten-ut/pom.xml
@@ -158,7 +158,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.11.0</version>
+      <version>2.14.0</version>
       <scope>provided</scope>
     </dependency>
   </dependencies>