From 8da2b2992f45e3b164b0339ea022ca76573f488a Mon Sep 17 00:00:00 2001 From: Hazmi Date: Thu, 12 Dec 2024 05:47:05 +0300 Subject: [PATCH] Bump async-http-client to 3.0.1 Bump async-http-client to 3.0.1 to resolve CVE-2024-53990 _. --- pom.xml | 3 +-- .../apache/druid/java/util/emitter/core/HttpPostEmitter.java | 3 ++- .../apache/druid/java/util/emitter/core/HttpEmitterTest.java | 5 +++-- .../druid/java/util/http/client/AsyncHttpClientTest.java | 5 +++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/pom.xml b/pom.xml index 3ee7600d5437d..40236a2b479d7 100644 --- a/pom.xml +++ b/pom.xml @@ -1010,8 +1010,7 @@ org.asynchttpclient async-http-client - - 2.5.3 + 3.0.1 net.java.dev.jna diff --git a/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java b/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java index f70b7e7d3fd88..405f9e6384da9 100644 --- a/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java +++ b/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java @@ -45,6 +45,7 @@ import java.net.URL; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; +import java.time.Duration; import java.util.ArrayDeque; import java.util.concurrent.ConcurrentLinkedDeque; import java.util.concurrent.ConcurrentLinkedQueue; @@ -773,7 +774,7 @@ private void send(byte[] buffer, int length) throws Exception request.setHeader(HttpHeaders.Names.AUTHORIZATION, "Basic " + encoded); } - request.setRequestTimeout(Ints.saturatedCast(timeoutMillis)); + request.setRequestTimeout(Duration.ofMillis(Ints.saturatedCast(timeoutMillis))); ListenableFuture future = client.executeRequest(request); Response response; diff --git a/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java b/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java index 384b3a0a8eaa1..624ad8ab50b4d 100644 
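Review bot: In `send` in HttpPostEmitter.java, the timeout is still passed through `Ints.saturatedCast` before being wrapped in a `Duration`, which keeps the old int ceiling (roughly 24.8 days) now that `setRequestTimeout` no longer takes an int. If `timeoutMillis` is a long, as the saturating cast suggests, `request.setRequestTimeout(Duration.ofMillis(timeoutMillis));` is simpler and states the intent directly. It is also worth confirming how async-http-client 3.x treats a zero or negative duration, since a request timeout that silently becomes unbounded would let a stalled endpoint hold the emitter's send path. The body of `send` starts and ends outside this hunk.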
--- a/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java +++ b/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java @@ -30,6 +30,7 @@ import org.junit.Test; import java.io.IOException; +import java.time.Duration; import java.util.concurrent.atomic.AtomicLong; public class HttpEmitterTest @@ -56,8 +57,8 @@ public void setup() @Override protected ListenableFuture go(Request request) { - int timeout = request.getRequestTimeout(); - timeoutUsed.set(timeout); + Duration timeout = request.getRequestTimeout(); + timeoutUsed.set(timeout.toMillis()); return GoHandlers.immediateFuture(EmitterTest.okResponse()); } }); diff --git a/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java b/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java index aa20c0eaf84e9..817eeb5a8d18c 100644 --- a/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java +++ b/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java @@ -30,6 +30,7 @@ import java.net.ServerSocket; import java.net.Socket; import java.nio.charset.StandardCharsets; +import java.time.Duration; import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; @@ -81,7 +82,7 @@ public void run() requestStart = System.currentTimeMillis(); Future future = client .prepareGet(StringUtils.format("http://localhost:%d/", serverSocket.getLocalPort())) - .setRequestTimeout(2000) + .setRequestTimeout(Duration.ofMillis(2000)) .execute(); System.out.println("created future in: " + (System.currentTimeMillis() - requestStart)); future.get(3000, TimeUnit.MILLISECONDS); 
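Review bot: In the `go` override in HttpEmitterTest.java, `timeout.toMillis()` is called without a null check. Unlike the old int accessor, a `Duration`-returning `getRequestTimeout()` can presumably be null when no timeout was set on the request (worth confirming against the 3.x API). A regression that drops the `setRequestTimeout` call in the emitter would then show up as a NullPointerException inside the mock rather than as a failed timeout assertion. Consider `timeoutUsed.set(timeout == null ? -1L : timeout.toMillis());` so the assertion itself reports the mismatch. The enclosing test method starts and ends outside the hunk.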
@@ -103,7 +104,7 @@ private void warmUp(ServerSocket serverSocket, DefaultAsyncHttpClient client)
 try {
 Future future = client
 .prepareGet(StringUtils.format("http://localhost:%d/", serverSocket.getLocalPort()))
- .setRequestTimeout(100)
+ .setRequestTimeout(Duration.ofMillis(100))
 .execute();
 future.get();
 }