Merge pull request #403 from alsutton/address_security_issues

Update dependencies to address vulnerabilities.
pull/404/head
Michael Christen 4 years ago committed by GitHub
commit ffe8786d69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -188,7 +188,7 @@
<pathelement location="${lib}/commons-logging-1.2.jar" />
<pathelement location="${lib}/commons-math3-3.4.1.jar" />
<pathelement location="${lib}/fontbox-2.0.15.jar" />
<pathelement location="${lib}/guava-18.0.jar" />
<pathelement location="${lib}/guava-30.1-jre.jar" />
<pathelement location="${lib}/httpclient-4.5.12.jar" />
<pathelement location="${lib}/httpcore-4.4.13.jar" />
<pathelement location="${lib}/httpmime-4.5.12.jar" />
@ -226,21 +226,21 @@
<pathelement location="${lib}/jwat-gzip-1.1.1.jar" />
<pathelement location="${lib}/jwat-warc-1.1.1.jar" />
<pathelement location="${lib}/log4j-over-slf4j-1.7.25.jar" />
<pathelement location="${lib}/lucene-analyzers-common-7.7.3.jar" />
<pathelement location="${lib}/lucene-analyzers-phonetic-7.7.3.jar" />
<pathelement location="${lib}/lucene-backward-codecs-7.7.3.jar" />
<pathelement location="${lib}/lucene-classification-7.7.3.jar" />
<pathelement location="${lib}/lucene-codecs-7.7.3.jar" />
<pathelement location="${lib}/lucene-core-7.7.3.jar" />
<pathelement location="${lib}/lucene-grouping-7.7.3.jar" />
<pathelement location="${lib}/lucene-highlighter-7.7.3.jar" />
<pathelement location="${lib}/lucene-join-7.7.3.jar" />
<pathelement location="${lib}/lucene-memory-7.7.3.jar" />
<pathelement location="${lib}/lucene-misc-7.7.3.jar" />
<pathelement location="${lib}/lucene-queries-7.7.3.jar" />
<pathelement location="${lib}/lucene-queryparser-7.7.3.jar" />
<pathelement location="${lib}/lucene-spatial-extras-7.7.3.jar" />
<pathelement location="${lib}/lucene-suggest-7.7.3.jar" />
<pathelement location="${lib}/lucene-analyzers-common-8.8.1.jar" />
<pathelement location="${lib}/lucene-analyzers-phonetic-8.8.1.jar" />
<pathelement location="${lib}/lucene-backward-codecs-8.8.1.jar" />
<pathelement location="${lib}/lucene-classification-8.8.1.jar" />
<pathelement location="${lib}/lucene-codecs-8.8.1.jar" />
<pathelement location="${lib}/lucene-core-8.8.1.jar" />
<pathelement location="${lib}/lucene-grouping-8.8.1.jar" />
<pathelement location="${lib}/lucene-highlighter-8.8.1.jar" />
<pathelement location="${lib}/lucene-join-8.8.1.jar" />
<pathelement location="${lib}/lucene-memory-8.8.1.jar" />
<pathelement location="${lib}/lucene-misc-8.8.1.jar" />
<pathelement location="${lib}/lucene-queries-8.8.1.jar" />
<pathelement location="${lib}/lucene-queryparser-8.8.1.jar" />
<pathelement location="${lib}/lucene-spatial-extras-8.8.1.jar" />
<pathelement location="${lib}/lucene-suggest-8.8.1.jar" />
<pathelement location="${lib}/metadata-extractor-2.11.0.jar" />
<pathelement location="${lib}/metrics-core-3.2.2.jar" />
<pathelement location="${lib}/noggit-0.8.jar" />
@ -252,8 +252,8 @@
<pathelement location="${lib}/rrd4j-3.2.jar" />
<pathelement location="${lib}/slf4j-api-1.7.25.jar" />
<pathelement location="${lib}/slf4j-jdk14-1.7.25.jar" />
<pathelement location="${lib}/solr-core-7.7.3.jar" />
<pathelement location="${lib}/solr-solrj-7.7.3.jar" />
<pathelement location="${lib}/solr-core-8.8.1.jar" />
<pathelement location="${lib}/solr-solrj-8.8.1.jar" />
<pathelement location="${lib}/spatial4j-0.6.jar" />
<pathelement location="${lib}/stax2-api_3.1.4.jar" />
<pathelement location="${lib}/weupnp-0.1.4.jar" />

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -34,7 +34,7 @@
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<!-- the Solr version used in dependency section for all related dependencies -->
<solr.version>6.6.6</solr.version>
<solr.version>8.8.1</solr.version>
<!-- the Jetty version used in dependency section for all related dependencies -->
<jetty.version>9.4.35.v20201120</jetty.version>
@ -366,7 +366,7 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13</version>
<version>4.13.1</version>
<scope>test</scope>
</dependency>

@ -39,6 +39,7 @@ import org.apache.lucene.document.Document;
import org.apache.lucene.index.DirectoryReader;
import org.apache.lucene.index.IndexableField;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TotalHits;
import org.apache.lucene.util.BytesRef;
import org.apache.solr.client.solrj.SolrQuery;
import org.apache.solr.client.solrj.SolrServerException;
@ -232,7 +233,7 @@ public class EmbeddedSolrConnector extends SolrServerConnector implements SolrCo
SolrDocumentList sdl = new SolrDocumentList();
NamedList<?> nl = rsp.getValues();
ResultContext resultContext = (ResultContext) nl.get("response");
DocList response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f) : resultContext.getDocList();
DocList response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f, TotalHits.Relation.EQUAL_TO) : resultContext.getDocList();
sdl.setNumFound(response == null ? 0 : response.matches());
sdl.setStart(response == null ? 0 : response.offset());
String originalName = Thread.currentThread().getName();
@ -364,7 +365,6 @@ public class EmbeddedSolrConnector extends SolrServerConnector implements SolrCo
return SolrQueryResponse2SolrDocumentList(req, response);
} finally {
req.close();
SolrRequestInfo.clearRequestInfo();
}
}
@ -383,7 +383,7 @@ public class EmbeddedSolrConnector extends SolrServerConnector implements SolrCo
NamedList<?> nl = rsp.getValues();
ResultContext resultContext = (ResultContext) nl.get("response");
if (resultContext == null) log.warn("DocListSearcher: no response for query '" + querystring + "'");
this.response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f) : resultContext.getDocList();
this.response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f, TotalHits.Relation.EQUAL_TO) : resultContext.getDocList();
}
@Override

@ -51,6 +51,7 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
@ -836,7 +837,7 @@ public class Domains {
final private static ExecutorService getByNameService = Executors
.newCachedThreadPool(new NamePrefixThreadFactory("InetAddress.getByName"));
final private static TimeLimiter timeLimiter = new SimpleTimeLimiter(getByNameService);
final private static TimeLimiter timeLimiter = SimpleTimeLimiter.create(getByNameService);
/**
* strip off any parts of an url, address string (containing host/ip:port) or raw IPs/Hosts,
@ -992,9 +993,9 @@ public class Domains {
public InetAddress call() throws Exception {
return InetAddress.getByName(host);
}
}, 3000L, TimeUnit.MILLISECONDS, false);
}, 3000L, TimeUnit.MILLISECONDS);
//ip = TimeoutRequest.getByName(host, 1000); // this makes the DNS request to backbone
} catch (final UncheckedTimeoutException e) {
} catch (final InterruptedException | TimeoutException e) {
// in case of a timeout - maybe cause of massive requests - do not fill NAME_CACHE_MISS
LOOKUP_SYNC.remove(host);
return null;

@ -85,6 +85,8 @@ import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrInputDocument;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.lucene.util.Version;
import org.apache.solr.core.SolrConfig;
import org.apache.solr.schema.IndexSchema;
public final class Fulltext {
@ -150,7 +152,9 @@ public final class Fulltext {
}
EmbeddedInstance localCollectionInstance = new EmbeddedInstance(new File(new File(Switchboard.getSwitchboard().appPath, "defaults"), "solr"), solrLocation, CollectionSchema.CORE_NAME, new String[]{CollectionSchema.CORE_NAME, WebgraphSchema.CORE_NAME});
Version luceneVersion = localCollectionInstance.getDefaultCore().getSolrConfig().getLuceneVersion("luceneMatchVersion");
SolrConfig config = localCollectionInstance.getDefaultCore().getSolrConfig();
String versionValue = config.getVal(IndexSchema.LUCENE_MATCH_VERSION_PARAM, true);
Version luceneVersion = SolrConfig.parseLuceneVersionString(versionValue);
String lvn = luceneVersion.major + "_" + luceneVersion.minor;
ConcurrentLog.info("Fulltext", "using lucene version " + lvn);
assert SOLR_PATH.endsWith(lvn) : "luceneVersion = " + lvn + ", solrPath = " + SOLR_PATH + ", check defaults/solr/solrconfig.xml";

Loading…
Cancel
Save