From c5d8ffd1b897c34d7857720859b21f665b739d38 Mon Sep 17 00:00:00 2001
From: jon-wei <jon.wei@imply.io>
Date: Mon, 1 Feb 2021 15:17:44 -0800
Subject: [PATCH 1/2] Address CVE-2020-8570, suppress CVE-2020-8554

---
 extensions-core/kubernetes-extensions/pom.xml |  2 +-
 owasp-dependency-check-suppressions.xml       | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml
index dd6d5ba3306e..1f663142d161 100644
--- a/extensions-core/kubernetes-extensions/pom.xml
+++ b/extensions-core/kubernetes-extensions/pom.xml
@@ -35,7 +35,7 @@
   </parent>
 
   <properties>
-    <kubernetes.client.version>10.0.0</kubernetes.client.version>
+    <kubernetes.client.version>10.0.1</kubernetes.client.version>
   </properties>
 
   <dependencies>
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 6a532efff750..4e3ea3f04ac4 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -58,6 +58,17 @@
     <cve>CVE-2020-12691</cve>
   </suppress>
 
+
+  <suppress>
+    <!-- Not much for us to do as a user of the client lib, and no patch is available,
+     see https://github.com/kubernetes/kubernetes/issues/97076 -->
+    <notes><![CDATA[
+   file name: client-java-10.0.1.jar
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java.*@10.0.1$</packageUrl>
+    <cve>CVE-2020-8554</cve>
+  </suppress>
+
   <!-- FIXME: These are suppressed so that CI can enforce that no new vulnerable dependencies are added. -->
   <suppress>
     <!--

From a64aad6c844aa2f6ff671750e0bb8a0ae7c56f4a Mon Sep 17 00:00:00 2001
From: jon-wei <jon.wei@imply.io>
Date: Mon, 1 Feb 2021 15:45:37 -0800
Subject: [PATCH 2/2] Update licenses.yaml

---
 licenses.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/licenses.yaml b/licenses.yaml
index 219256e4fc1e..e9833570c41a 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -841,7 +841,7 @@ name: kubernetes official java client
 license_category: binary
 module: extensions/druid-kubernetes-extensions
 license_name: Apache License version 2.0
-version: 10.0.0
+version: 10.0.1
 libraries:
   - io.kubernetes: client-java
 
@@ -851,7 +851,7 @@ name: kubernetes official java client api
 license_category: binary
 module: extensions/druid-kubernetes-extensions
 license_name: Apache License version 2.0
-version: 10.0.0
+version: 10.0.1
 libraries:
   - io.kubernetes: client-java-api
 
@@ -861,7 +861,7 @@ name: kubernetes official java client extended
 license_category: binary
 module: extensions/druid-kubernetes-extensions
 license_name: Apache License version 2.0
-version: 10.0.0
+version: 10.0.1
 libraries:
   - io.kubernetes: client-java-extended
 
@@ -981,7 +981,7 @@ name: io.kubernetes client-java-proto
 license_category: binary
 module: extensions/druid-kubernetes-extensions
 license_name: Apache License version 2.0
-version: 10.0.0
+version: 10.0.1
 libraries:
   - io.kubernetes: client-java-proto