[Improve][CVE] Dependency org.apache.tomcat.embed:tomcat-embed-core leading to CVE problem #7480

CVEDetect opened this issue Mar 1, 2023 · 0 comments · Fixed by #7481
@CVEDetect
Hi, in /inlong-dataproxy, there is a dependency org.apache.tomcat.embed:tomcat-embed-core:8.5.46 that calls the risk method.

CVE-2019-17563

The scope of this CVE affected version is **[9.0.0.M1, 9.0.30) [8.5.0,8.5.50) [,7.0.99)**

After further analysis, in this project, the main API called is org.apache.catalina.authenticator.AuthenticatorBase: register(org.apache.catalina.connector.Request,javax.servlet.http.HttpServletResponse,java.security.Principal,java.lang.String,java.lang.String,java.lang.String,boolean,boolean)V

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 8

CVE Bug Invocation Path : 
org.apache.inlong.dataproxy.http.MessageFilter: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)V .m2/repository/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar
org.apache.catalina.core.ApplicationFilterChain: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)V .m2/repository/org/apache/curator/curator-client/2.12.0/curator-client-2.12.0.jar
org.apache.catalina.core.ApplicationFilterChain: internalDoFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)V .m2/repository/org/apache/curator/curator-client/2.12.0/curator-client-2.12.0.jar
org.apache.catalina.connector.Request: getUserPrincipal()Ljava.security.Principal; .m2/repository/org/apache/curator/curator-client/2.12.0/curator-client-2.12.0.jar
org.apache.catalina.connector.Request: logout()V .m2/repository/org/apache/curator/curator-client/2.12.0/curator-client-2.12.0.jar
org.apache.catalina.authenticator.AuthenticatorBase: logout(org.apache.catalina.connector.Request)V .m2/repository/org/apache/curator/curator-client/2.12.0/curator-client-2.12.0.jar
org.apache.catalina.authenticator.AuthenticatorBase: register(org.apache.catalina.connector.Request,javax.servlet.http.HttpServletResponse,java.security.Principal,java.lang.String,java.lang.String,java.lang.String)V .m2/repository/org/apache/curator/curator-client/2.12.0/curator-client-2.12.0.jar
org.apache.catalina.authenticator.AuthenticatorBase: register(org.apache.catalina.connector.Request,javax.servlet.http.HttpServletResponse,java.security.Principal,java.lang.String,java.lang.String,java.lang.String,boolean,boolean)V

Dependency tree--

[INFO] org.apache.inlong:inlong-dataproxy:pom:1.6.0-SNAPSHOT
[INFO] +- org.apache.inlong:tubemq-client:jar:1.6.0-SNAPSHOT:compile
[INFO] |  \- org.apache.inlong:tubemq-core:jar:1.6.0-SNAPSHOT:compile
[INFO] |     \- com.google.protobuf:protobuf-java:jar:3.19.6:compile
[INFO] +- org.apache.inlong:inlong-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- org.xerial.snappy:snappy-java:jar:1.1.8.4:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.8.9:compile
[INFO] |  +- org.projectlombok:lombok:jar:1.18.22:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  \- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] +- org.apache.flume:flume-ng-core:jar:1.10.0:compile
[INFO] |  +- org.apache.flume:flume-ng-auth:jar:1.10.0:compile
[INFO] |  +- commons-io:commons-io:jar:2.11.0:compile
[INFO] |  +- com.jcraft:jzlib:jar:1.1.3:compile
[INFO] |  +- commons-cli:commons-cli:jar:1.4:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  +- org.apache.avro:avro:jar:1.10.1:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4.2:compile
[INFO] |  |  \- org.apache.commons:commons-compress:jar:1.20:compile
[INFO] |  +- org.apache.avro:avro-ipc-netty:jar:1.11.0:compile
[INFO] |  |  \- org.apache.avro:avro-ipc:jar:1.10.1:compile
[INFO] |  |     +- org.apache.velocity:velocity-engine-core:jar:2.3:compile
[INFO] |  |     \- org.tukaani:xz:jar:1.8:compile
[INFO] |  +- io.netty:netty-all:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-haproxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http2:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-memcache:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-mqtt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-redis:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-smtp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-socks:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-stomp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-xml:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-handler-proxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-rxtx:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-sctp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-udt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-classes-kqueue:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns-classes-macos:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  \- io.netty:netty-resolver-dns-native-macos:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  +- joda-time:joda-time:jar:2.9.9:compile
[INFO] |  +- org.eclipse.jetty:jetty-servlet:jar:9.4.48.v20220622:compile
[INFO] |  |  +- org.eclipse.jetty:jetty-security:jar:9.4.48.v20220622:compile
[INFO] |  |  \- org.eclipse.jetty:jetty-util-ajax:jar:9.4.48.v20220622:compile
[INFO] |  +- org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622:compile
[INFO] |  +- org.eclipse.jetty:jetty-jmx:jar:9.4.41.v20210516:compile
[INFO] |  +- org.apache.thrift:libthrift:jar:0.14.1:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.46:compile
[INFO] |  |  |  \- org.apache.tomcat:tomcat-annotations-api:jar:8.5.46:compile
[INFO] |  |  \- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  \- org.apache.mina:mina-core:jar:2.1.5:compile
[INFO] +- org.apache.flume:flume-ng-node:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-hdfs-sink:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-irc-sink:jar:1.10.0:compile
[INFO] |  |  \- org.schwering:irclib:jar:1.10:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-jdbc-channel:jar:1.10.0:compile
[INFO] |  |  +- commons-dbcp:commons-dbcp:jar:1.4:compile
[INFO] |  |  |  \- commons-pool:commons-pool:jar:1.5.4:compile
[INFO] |  |  \- org.apache.derby:derby:jar:10.14.1.0:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-file-channel:jar:1.10.0:compile
[INFO] |  |  \- org.mapdb:mapdb:jar:0.9.9:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:jar:1.10.0:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO] |  |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO] |  |     \- org.apache.zookeeper:zookeeper:jar:3.6.3:compile
[INFO] |  |        +- org.apache.zookeeper:zookeeper-jute:jar:3.6.3:compile
[INFO] |  |        \- org.apache.yetus:audience-annotations:jar:0.5.0:compile
[INFO] |  \- org.apache.curator:curator-recipes:jar:2.12.0:compile
[INFO] +- org.apache.flume:flume-ng-sdk:jar:1.10.0:compile
[INFO] +- org.apache.flume:flume-ng-configuration:jar:1.10.0:compile
[INFO] |  \- org.apache.flume:flume-ng-config-filter-api:jar:1.10.0:compile
[INFO] +- io.netty:netty-transport:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-buffer:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-resolver:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-tcnative-classes:jar:2.0.46.Final:compile
[INFO] +- io.netty:netty-common:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-codec:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-transport-native-epoll:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-transport-native-unix-common:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-transport-classes-epoll:jar:4.1.72.Final:compile
[INFO] +- commons-codec:commons-codec:jar:1.15:compile
[INFO] +- org.eclipse.jetty:jetty-server:jar:9.4.48.v20220622:compile
[INFO] |  +- javax.servlet:javax.servlet-api:jar:4.0.1:compile
[INFO] |  +- org.eclipse.jetty:jetty-http:jar:9.4.48.v20220622:compile
[INFO] |  \- org.eclipse.jetty:jetty-io:jar:9.4.48.v20220622:compile
[INFO] +- org.apache.pulsar:pulsar-client:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-api:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-admin-api:jar:2.8.1:compile
[INFO] |  +- javax.ws.rs:javax.ws.rs-api:jar:2.1:compile
[INFO] |  +- org.apache.pulsar:bouncy-castle-bc:jar:pkg:2.8.1:compile
[INFO] |  +- org.bouncycastle:bcpkix-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcutil-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-ext-jdk15on:jar:1.69:compile
[INFO] |  +- com.sun.activation:javax.activation:jar:1.2.0:compile
[INFO] |  +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  \- net.jcip:jcip-annotations:jar:1.0:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.4.1:compile
[INFO] |  +- com.github.luben:zstd-jni:jar:1.4.3-1:compile
[INFO] |  \- org.lz4:lz4-java:jar:1.6.0:compile
[INFO] +- com.google.guava:guava:jar:31.0.1-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:3.12.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.7.1:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- io.prometheus:simpleclient_httpserver:jar:0.14.1:compile
[INFO] |  +- io.prometheus:simpleclient:jar:0.14.1:compile
[INFO] |  |  +- io.prometheus:simpleclient_tracer_otel:jar:0.14.1:compile
[INFO] |  |  |  \- io.prometheus:simpleclient_tracer_common:jar:0.14.1:compile
[INFO] |  |  \- io.prometheus:simpleclient_tracer_otel_agent:jar:0.14.1:compile
[INFO] |  \- io.prometheus:simpleclient_common:jar:0.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.17.2:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
[INFO] |  |  \- org.powermock:powermock-reflect:jar:2.0.9:test
[INFO] |  +- junit:junit:jar:4.13.2:test
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.powermock:powermock-module-testng:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-core:jar:2.0.9:test
[INFO] |  |  +- org.javassist:javassist:jar:3.27.0-GA:test
[INFO] |  |  +- net.bytebuddy:byte-buddy:jar:1.12.9:test
[INFO] |  |  \- net.bytebuddy:byte-buddy-agent:jar:1.10.14:test
[INFO] |  \- org.powermock:powermock-module-testng-common:jar:2.0.9:test
[INFO] \- org.powermock:powermock-api-mockito2:jar:2.0.9:test
[INFO]    +- org.powermock:powermock-api-support:jar:2.0.9:test
[INFO]    \- org.mockito:mockito-core:jar:3.12.4:test
[INFO]       \- org.objenesis:objenesis:jar:3.2:test
[INFO] 
[INFO] -----------------< org.apache.inlong:dataproxy-source >-----------------
[INFO] Building Apache InLong - DataProxy Source 1.6.0-SNAPSHOT           [2/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ dataproxy-source ---
[INFO] org.apache.inlong:dataproxy-source:jar:1.6.0-SNAPSHOT
[INFO] +- org.apache.inlong:audit-sdk:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] |  +- org.apache.inlong:audit-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  \- org.projectlombok:lombok:jar:1.18.22:compile
[INFO] +- org.apache.inlong:sdk-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- com.google.protobuf:protobuf-java:jar:3.19.6:compile
[INFO] |  +- org.xerial.snappy:snappy-java:jar:1.1.8.4:compile
[INFO] |  \- com.alibaba:fastjson:jar:1.2.83:compile
[INFO] +- org.eclipse.jetty:jetty-servlet:jar:9.4.48.v20220622:compile
[INFO] |  +- org.eclipse.jetty:jetty-security:jar:9.4.48.v20220622:compile
[INFO] |  \- org.eclipse.jetty:jetty-util-ajax:jar:9.4.48.v20220622:compile
[INFO] +- org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622:compile
[INFO] +- org.apache.inlong:tubemq-client:jar:1.6.0-SNAPSHOT:compile
[INFO] |  \- org.apache.inlong:tubemq-core:jar:1.6.0-SNAPSHOT:compile
[INFO] +- org.apache.inlong:inlong-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.8.9:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  \- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] +- org.apache.flume:flume-ng-core:jar:1.10.0:compile
[INFO] |  +- org.apache.flume:flume-ng-auth:jar:1.10.0:compile
[INFO] |  +- commons-io:commons-io:jar:2.11.0:compile
[INFO] |  +- com.jcraft:jzlib:jar:1.1.3:compile
[INFO] |  +- commons-cli:commons-cli:jar:1.4:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  +- org.apache.avro:avro:jar:1.10.1:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4.2:compile
[INFO] |  |  \- org.apache.commons:commons-compress:jar:1.20:compile
[INFO] |  +- org.apache.avro:avro-ipc-netty:jar:1.11.0:compile
[INFO] |  |  \- org.apache.avro:avro-ipc:jar:1.10.1:compile
[INFO] |  |     +- org.apache.velocity:velocity-engine-core:jar:2.3:compile
[INFO] |  |     \- org.tukaani:xz:jar:1.8:compile
[INFO] |  +- io.netty:netty-all:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-haproxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http2:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-memcache:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-mqtt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-redis:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-smtp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-socks:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-stomp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-xml:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-handler-proxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-rxtx:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-sctp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-udt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-classes-kqueue:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns-classes-macos:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  \- io.netty:netty-resolver-dns-native-macos:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  +- joda-time:joda-time:jar:2.9.9:compile
[INFO] |  +- org.eclipse.jetty:jetty-jmx:jar:9.4.41.v20210516:compile
[INFO] |  +- org.apache.thrift:libthrift:jar:0.14.1:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.46:compile
[INFO] |  |  |  \- org.apache.tomcat:tomcat-annotations-api:jar:8.5.46:compile
[INFO] |  |  \- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  \- org.apache.mina:mina-core:jar:2.1.5:compile
[INFO] +- org.apache.flume:flume-ng-node:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-hdfs-sink:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-irc-sink:jar:1.10.0:compile
[INFO] |  |  \- org.schwering:irclib:jar:1.10:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-jdbc-channel:jar:1.10.0:compile
[INFO] |  |  +- commons-dbcp:commons-dbcp:jar:1.4:compile
[INFO] |  |  |  \- commons-pool:commons-pool:jar:1.5.4:compile
[INFO] |  |  \- org.apache.derby:derby:jar:10.14.1.0:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-file-channel:jar:1.10.0:compile
[INFO] |  |  \- org.mapdb:mapdb:jar:0.9.9:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:jar:1.10.0:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO] |  |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO] |  |     \- org.apache.zookeeper:zookeeper:jar:3.6.3:compile
[INFO] |  |        +- org.apache.zookeeper:zookeeper-jute:jar:3.6.3:compile
[INFO] |  |        \- org.apache.yetus:audience-annotations:jar:0.5.0:compile
[INFO] |  \- org.apache.curator:curator-recipes:jar:2.12.0:compile
[INFO] +- org.apache.flume:flume-ng-sdk:jar:1.10.0:compile
[INFO] +- org.apache.flume:flume-ng-configuration:jar:1.10.0:compile
[INFO] |  \- org.apache.flume:flume-ng-config-filter-api:jar:1.10.0:compile
[INFO] +- io.netty:netty-transport:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-buffer:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-resolver:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-tcnative-classes:jar:2.0.46.Final:compile
[INFO] +- io.netty:netty-common:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-codec:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-transport-native-epoll:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-transport-native-unix-common:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-transport-classes-epoll:jar:4.1.72.Final:compile
[INFO] +- commons-codec:commons-codec:jar:1.15:compile
[INFO] +- org.eclipse.jetty:jetty-server:jar:9.4.48.v20220622:compile
[INFO] |  +- javax.servlet:javax.servlet-api:jar:4.0.1:compile
[INFO] |  +- org.eclipse.jetty:jetty-http:jar:9.4.48.v20220622:compile
[INFO] |  \- org.eclipse.jetty:jetty-io:jar:9.4.48.v20220622:compile
[INFO] +- org.apache.pulsar:pulsar-client:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-api:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-admin-api:jar:2.8.1:compile
[INFO] |  +- javax.ws.rs:javax.ws.rs-api:jar:2.1:compile
[INFO] |  +- org.apache.pulsar:bouncy-castle-bc:jar:pkg:2.8.1:compile
[INFO] |  +- org.bouncycastle:bcpkix-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcutil-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-ext-jdk15on:jar:1.69:compile
[INFO] |  +- com.sun.activation:javax.activation:jar:1.2.0:compile
[INFO] |  +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  \- net.jcip:jcip-annotations:jar:1.0:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.4.1:compile
[INFO] |  +- com.github.luben:zstd-jni:jar:1.4.3-1:compile
[INFO] |  \- org.lz4:lz4-java:jar:1.6.0:compile
[INFO] +- com.google.guava:guava:jar:31.0.1-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:3.12.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.7.1:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- io.prometheus:simpleclient_httpserver:jar:0.14.1:compile
[INFO] |  +- io.prometheus:simpleclient:jar:0.14.1:compile
[INFO] |  |  +- io.prometheus:simpleclient_tracer_otel:jar:0.14.1:compile
[INFO] |  |  |  \- io.prometheus:simpleclient_tracer_common:jar:0.14.1:compile
[INFO] |  |  \- io.prometheus:simpleclient_tracer_otel_agent:jar:0.14.1:compile
[INFO] |  \- io.prometheus:simpleclient_common:jar:0.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.17.2:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
[INFO] |  |  \- org.powermock:powermock-reflect:jar:2.0.9:test
[INFO] |  +- junit:junit:jar:4.13.2:test
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.powermock:powermock-module-testng:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-core:jar:2.0.9:test
[INFO] |  |  +- org.javassist:javassist:jar:3.27.0-GA:test
[INFO] |  |  +- net.bytebuddy:byte-buddy:jar:1.12.9:test
[INFO] |  |  \- net.bytebuddy:byte-buddy-agent:jar:1.10.14:test
[INFO] |  \- org.powermock:powermock-module-testng-common:jar:2.0.9:test
[INFO] \- org.powermock:powermock-api-mockito2:jar:2.0.9:test
[INFO]    +- org.powermock:powermock-api-support:jar:2.0.9:test
[INFO]    \- org.mockito:mockito-core:jar:3.12.4:test
[INFO]       \- org.objenesis:objenesis:jar:3.2:test
[INFO] 
[INFO] ------------------< org.apache.inlong:dataproxy-dist >------------------
[INFO] Building Apache InLong - DataProxy Dist 1.6.0-SNAPSHOT             [3/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ dataproxy-dist ---
[INFO] org.apache.inlong:dataproxy-dist:pom:1.6.0-SNAPSHOT
[INFO] +- org.apache.inlong:dataproxy-source:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- org.apache.inlong:audit-sdk:jar:1.6.0-SNAPSHOT:compile
[INFO] |  |  \- org.apache.inlong:audit-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- org.apache.inlong:sdk-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  |  +- com.google.protobuf:protobuf-java:jar:3.19.6:compile
[INFO] |  |  \- com.alibaba:fastjson:jar:1.2.83:compile
[INFO] |  +- org.eclipse.jetty:jetty-servlet:jar:9.4.48.v20220622:compile
[INFO] |  |  +- org.eclipse.jetty:jetty-security:jar:9.4.48.v20220622:compile
[INFO] |  |  \- org.eclipse.jetty:jetty-util-ajax:jar:9.4.48.v20220622:compile
[INFO] |  \- org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622:compile
[INFO] +- org.apache.inlong:tubemq-client:jar:1.6.0-SNAPSHOT:compile
[INFO] |  \- org.apache.inlong:tubemq-core:jar:1.6.0-SNAPSHOT:compile
[INFO] +- org.apache.inlong:inlong-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- org.xerial.snappy:snappy-java:jar:1.1.8.4:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.8.9:compile
[INFO] |  +- org.projectlombok:lombok:jar:1.18.22:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  \- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] +- org.apache.flume:flume-ng-core:jar:1.10.0:compile
[INFO] |  +- org.apache.flume:flume-ng-auth:jar:1.10.0:compile
[INFO] |  +- commons-io:commons-io:jar:2.11.0:compile
[INFO] |  +- com.jcraft:jzlib:jar:1.1.3:compile
[INFO] |  +- commons-cli:commons-cli:jar:1.4:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  +- org.apache.avro:avro:jar:1.10.1:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4.2:compile
[INFO] |  |  \- org.apache.commons:commons-compress:jar:1.20:compile
[INFO] |  +- org.apache.avro:avro-ipc-netty:jar:1.11.0:compile
[INFO] |  |  \- org.apache.avro:avro-ipc:jar:1.10.1:compile
[INFO] |  |     +- org.apache.velocity:velocity-engine-core:jar:2.3:compile
[INFO] |  |     \- org.tukaani:xz:jar:1.8:compile
[INFO] |  +- io.netty:netty-all:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-haproxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http2:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-memcache:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-mqtt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-redis:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-smtp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-socks:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-stomp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-xml:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-handler-proxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-rxtx:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-sctp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-udt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-classes-kqueue:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns-classes-macos:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  \- io.netty:netty-resolver-dns-native-macos:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  +- joda-time:joda-time:jar:2.9.9:compile
[INFO] |  +- org.eclipse.jetty:jetty-jmx:jar:9.4.41.v20210516:compile
[INFO] |  +- org.apache.thrift:libthrift:jar:0.14.1:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.46:compile
[INFO] |  |  |  \- org.apache.tomcat:tomcat-annotations-api:jar:8.5.46:compile
[INFO] |  |  \- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  \- org.apache.mina:mina-core:jar:2.1.5:compile
[INFO] +- org.apache.flume:flume-ng-node:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-hdfs-sink:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-irc-sink:jar:1.10.0:compile
[INFO] |  |  \- org.schwering:irclib:jar:1.10:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-jdbc-channel:jar:1.10.0:compile
[INFO] |  |  +- commons-dbcp:commons-dbcp:jar:1.4:compile
[INFO] |  |  |  \- commons-pool:commons-pool:jar:1.5.4:compile
[INFO] |  |  \- org.apache.derby:derby:jar:10.14.1.0:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-file-channel:jar:1.10.0:compile
[INFO] |  |  \- org.mapdb:mapdb:jar:0.9.9:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:jar:1.10.0:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO] |  |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO] |  |     \- org.apache.zookeeper:zookeeper:jar:3.6.3:compile
[INFO] |  |        +- org.apache.zookeeper:zookeeper-jute:jar:3.6.3:compile
[INFO] |  |        \- org.apache.yetus:audience-annotations:jar:0.5.0:compile
[INFO] |  \- org.apache.curator:curator-recipes:jar:2.12.0:compile
[INFO] +- org.apache.flume:flume-ng-sdk:jar:1.10.0:compile
[INFO] +- org.apache.flume:flume-ng-configuration:jar:1.10.0:compile
[INFO] |  \- org.apache.flume:flume-ng-config-filter-api:jar:1.10.0:compile
[INFO] +- io.netty:netty-transport:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-buffer:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-resolver:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-tcnative-classes:jar:2.0.46.Final:compile
[INFO] +- io.netty:netty-common:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-codec:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-transport-native-epoll:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-transport-native-unix-common:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-transport-classes-epoll:jar:4.1.72.Final:compile
[INFO] +- commons-codec:commons-codec:jar:1.15:compile
[INFO] +- org.eclipse.jetty:jetty-server:jar:9.4.48.v20220622:compile
[INFO] |  +- javax.servlet:javax.servlet-api:jar:4.0.1:compile
[INFO] |  +- org.eclipse.jetty:jetty-http:jar:9.4.48.v20220622:compile
[INFO] |  \- org.eclipse.jetty:jetty-io:jar:9.4.48.v20220622:compile
[INFO] +- org.apache.pulsar:pulsar-client:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-api:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-admin-api:jar:2.8.1:compile
[INFO] |  +- javax.ws.rs:javax.ws.rs-api:jar:2.1:compile
[INFO] |  +- org.apache.pulsar:bouncy-castle-bc:jar:pkg:2.8.1:compile
[INFO] |  +- org.bouncycastle:bcpkix-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcutil-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-ext-jdk15on:jar:1.69:compile
[INFO] |  +- com.sun.activation:javax.activation:jar:1.2.0:compile
[INFO] |  +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  \- net.jcip:jcip-annotations:jar:1.0:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.4.1:compile
[INFO] |  +- com.github.luben:zstd-jni:jar:1.4.3-1:compile
[INFO] |  \- org.lz4:lz4-java:jar:1.6.0:compile
[INFO] +- com.google.guava:guava:jar:31.0.1-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:3.12.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.7.1:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- io.prometheus:simpleclient_httpserver:jar:0.14.1:compile
[INFO] |  +- io.prometheus:simpleclient:jar:0.14.1:compile
[INFO] |  |  +- io.prometheus:simpleclient_tracer_otel:jar:0.14.1:compile
[INFO] |  |  |  \- io.prometheus:simpleclient_tracer_common:jar:0.14.1:compile
[INFO] |  |  \- io.prometheus:simpleclient_tracer_otel_agent:jar:0.14.1:compile
[INFO] |  \- io.prometheus:simpleclient_common:jar:0.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.17.2:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
[INFO] |  |  \- org.powermock:powermock-reflect:jar:2.0.9:test
[INFO] |  +- junit:junit:jar:4.13.2:test
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.powermock:powermock-module-testng:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-core:jar:2.0.9:test
[INFO] |  |  +- org.javassist:javassist:jar:3.27.0-GA:test
[INFO] |  |  +- net.bytebuddy:byte-buddy:jar:1.12.9:test
[INFO] |  |  \- net.bytebuddy:byte-buddy-agent:jar:1.10.14:test
[INFO] |  \- org.powermock:powermock-module-testng-common:jar:2.0.9:test
[INFO] \- org.powermock:powermock-api-mockito2:jar:2.0.9:test
[INFO]    +- org.powermock:powermock-api-support:jar:2.0.9:test
[INFO]    \- org.mockito:mockito-core:jar:3.12.4:test
[INFO]       \- org.objenesis:objenesis:jar:3.2:test
[INFO] 
[INFO] -----------------< org.apache.inlong:dataproxy-docker >-----------------
[INFO] Building Apache InLong - DataProxy Docker 1.6.0-SNAPSHOT           [4/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ dataproxy-docker ---
[INFO] org.apache.inlong:dataproxy-docker:jar:1.6.0-SNAPSHOT
[INFO] +- org.apache.inlong:dataproxy-dist:tar.gz:bin:1.6.0-SNAPSHOT:provided
[INFO] |  \- org.apache.inlong:dataproxy-source:jar:1.6.0-SNAPSHOT:provided
[INFO] |     +- org.apache.inlong:audit-sdk:jar:1.6.0-SNAPSHOT:provided
[INFO] |     |  \- org.apache.inlong:audit-common:jar:1.6.0-SNAPSHOT:provided
[INFO] |     \- org.apache.inlong:sdk-common:jar:1.6.0-SNAPSHOT:provided
[INFO] |        \- com.alibaba:fastjson:jar:1.2.83:provided
[INFO] +- org.apache.inlong:tubemq-client:jar:1.6.0-SNAPSHOT:compile
[INFO] |  \- org.apache.inlong:tubemq-core:jar:1.6.0-SNAPSHOT:compile
[INFO] |     \- com.google.protobuf:protobuf-java:jar:3.19.6:compile
[INFO] +- org.apache.inlong:inlong-common:jar:1.6.0-SNAPSHOT:compile
[INFO] |  +- org.xerial.snappy:snappy-java:jar:1.1.8.4:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.8.9:compile
[INFO] |  +- org.projectlombok:lombok:jar:1.18.22:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  \- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] +- org.apache.flume:flume-ng-core:jar:1.10.0:compile
[INFO] |  +- org.apache.flume:flume-ng-auth:jar:1.10.0:compile
[INFO] |  +- commons-io:commons-io:jar:2.11.0:compile
[INFO] |  +- com.jcraft:jzlib:jar:1.1.3:compile
[INFO] |  +- commons-cli:commons-cli:jar:1.4:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  +- org.apache.avro:avro:jar:1.10.1:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4.2:compile
[INFO] |  |  \- org.apache.commons:commons-compress:jar:1.20:compile
[INFO] |  +- org.apache.avro:avro-ipc-netty:jar:1.11.0:compile
[INFO] |  |  \- org.apache.avro:avro-ipc:jar:1.10.1:compile
[INFO] |  |     +- org.apache.velocity:velocity-engine-core:jar:2.3:compile
[INFO] |  |     \- org.tukaani:xz:jar:1.8:compile
[INFO] |  +- io.netty:netty-all:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-haproxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-http2:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-memcache:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-mqtt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-redis:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-smtp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-socks:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-stomp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-codec-xml:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-handler-proxy:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-rxtx:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-sctp:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-udt:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-classes-kqueue:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-resolver-dns-classes-macos:jar:4.1.72.Final:compile
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-epoll:jar:linux-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-transport-native-kqueue:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  |  +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.72.Final:runtime
[INFO] |  |  \- io.netty:netty-resolver-dns-native-macos:jar:osx-aarch_64:4.1.72.Final:runtime
[INFO] |  +- joda-time:joda-time:jar:2.9.9:compile
[INFO] |  +- org.eclipse.jetty:jetty-servlet:jar:9.4.48.v20220622:compile
[INFO] |  |  +- org.eclipse.jetty:jetty-security:jar:9.4.48.v20220622:compile
[INFO] |  |  \- org.eclipse.jetty:jetty-util-ajax:jar:9.4.48.v20220622:compile
[INFO] |  +- org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622:compile
[INFO] |  +- org.eclipse.jetty:jetty-jmx:jar:9.4.41.v20210516:compile
[INFO] |  +- org.apache.thrift:libthrift:jar:0.14.1:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.46:compile
[INFO] |  |  |  \- org.apache.tomcat:tomcat-annotations-api:jar:8.5.46:compile
[INFO] |  |  \- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  \- org.apache.mina:mina-core:jar:2.1.5:compile
[INFO] +- org.apache.flume:flume-ng-node:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-hdfs-sink:jar:1.10.0:compile
[INFO] |  +- org.apache.flume.flume-ng-sinks:flume-irc-sink:jar:1.10.0:compile
[INFO] |  |  \- org.schwering:irclib:jar:1.10:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-jdbc-channel:jar:1.10.0:compile
[INFO] |  |  +- commons-dbcp:commons-dbcp:jar:1.4:compile
[INFO] |  |  |  \- commons-pool:commons-pool:jar:1.5.4:compile
[INFO] |  |  \- org.apache.derby:derby:jar:10.14.1.0:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-file-channel:jar:1.10.0:compile
[INFO] |  |  \- org.mapdb:mapdb:jar:0.9.9:compile
[INFO] |  +- org.apache.flume.flume-ng-channels:flume-spillable-memory-channel:jar:1.10.0:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO] |  |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO] |  |     \- org.apache.zookeeper:zookeeper:jar:3.6.3:compile
[INFO] |  |        +- org.apache.zookeeper:zookeeper-jute:jar:3.6.3:compile
[INFO] |  |        \- org.apache.yetus:audience-annotations:jar:0.5.0:compile
[INFO] |  \- org.apache.curator:curator-recipes:jar:2.12.0:compile
[INFO] +- org.apache.flume:flume-ng-sdk:jar:1.10.0:compile
[INFO] +- org.apache.flume:flume-ng-configuration:jar:1.10.0:compile
[INFO] |  \- org.apache.flume:flume-ng-config-filter-api:jar:1.10.0:compile
[INFO] +- io.netty:netty-transport:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-buffer:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-resolver:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-tcnative-classes:jar:2.0.46.Final:compile
[INFO] +- io.netty:netty-common:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-codec:jar:4.1.72.Final:compile
[INFO] +- io.netty:netty-transport-native-epoll:jar:4.1.72.Final:compile
[INFO] |  +- io.netty:netty-transport-native-unix-common:jar:4.1.72.Final:compile
[INFO] |  \- io.netty:netty-transport-classes-epoll:jar:4.1.72.Final:compile
[INFO] +- commons-codec:commons-codec:jar:1.15:compile
[INFO] +- org.eclipse.jetty:jetty-server:jar:9.4.48.v20220622:compile
[INFO] |  +- javax.servlet:javax.servlet-api:jar:4.0.1:compile
[INFO] |  +- org.eclipse.jetty:jetty-http:jar:9.4.48.v20220622:compile
[INFO] |  \- org.eclipse.jetty:jetty-io:jar:9.4.48.v20220622:compile
[INFO] +- org.apache.pulsar:pulsar-client:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-api:jar:2.8.1:compile
[INFO] |  +- org.apache.pulsar:pulsar-client-admin-api:jar:2.8.1:compile
[INFO] |  +- javax.ws.rs:javax.ws.rs-api:jar:2.1:compile
[INFO] |  +- org.apache.pulsar:bouncy-castle-bc:jar:pkg:2.8.1:compile
[INFO] |  +- org.bouncycastle:bcpkix-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcutil-jdk15on:jar:1.69:compile
[INFO] |  +- org.bouncycastle:bcprov-ext-jdk15on:jar:1.69:compile
[INFO] |  +- com.sun.activation:javax.activation:jar:1.2.0:compile
[INFO] |  +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  \- net.jcip:jcip-annotations:jar:1.0:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.4.1:compile
[INFO] |  +- com.github.luben:zstd-jni:jar:1.4.3-1:compile
[INFO] |  \- org.lz4:lz4-java:jar:1.6.0:compile
[INFO] +- com.google.guava:guava:jar:31.0.1-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:3.12.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.7.1:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- io.prometheus:simpleclient_httpserver:jar:0.14.1:compile
[INFO] |  +- io.prometheus:simpleclient:jar:0.14.1:compile
[INFO] |  |  +- io.prometheus:simpleclient_tracer_otel:jar:0.14.1:compile
[INFO] |  |  |  \- io.prometheus:simpleclient_tracer_common:jar:0.14.1:compile
[INFO] |  |  \- io.prometheus:simpleclient_tracer_otel_agent:jar:0.14.1:compile
[INFO] |  \- io.prometheus:simpleclient_common:jar:0.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.2:compile
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.17.2:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
[INFO] |  |  \- org.powermock:powermock-reflect:jar:2.0.9:test
[INFO] |  +- junit:junit:jar:4.13.2:test
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.powermock:powermock-module-testng:jar:2.0.9:test
[INFO] |  +- org.powermock:powermock-core:jar:2.0.9:test
[INFO] |  |  +- org.javassist:javassist:jar:3.27.0-GA:test
[INFO] |  |  +- net.bytebuddy:byte-buddy:jar:1.12.9:test
[INFO] |  |  \- net.bytebuddy:byte-buddy-agent:jar:1.10.14:test
[INFO] |  \- org.powermock:powermock-module-testng-common:jar:2.0.9:test
[INFO] \- org.powermock:powermock-api-mockito2:jar:2.0.9:test
[INFO]    +- org.powermock:powermock-api-support:jar:2.0.9:test
[INFO]    \- org.mockito:mockito-core:jar:3.12.4:test
[INFO]       \- org.objenesis:objenesis:jar:3.2:test

Suggested solutions:

Update dependency version

Thank you very much.

@dockerzhang dockerzhang added this to the 1.6.0 milestone Mar 2, 2023
@healchow healchow changed the title Dependency org.apache.tomcat.embed:tomcat-embed-core leading to CVE problem [Improve][CVE] Dependency org.apache.tomcat.embed:tomcat-embed-core leading to CVE problem Mar 2, 2023