23 May 2024

Third-Party License Agreements

This page list all the third-party libraries shipped included within GigaSpaces products on a per-version basis, and their respective license agreements.

The following does not include notice regarding any dependency or sub-dependency of the open source software listed below. However, you may find information about such dependency or sub-dependency in the link provided with regard to each such open source.

Any enquiries regarding the open source components listed below may be addressed to our support team.

Product	Version	License	Required	Component
Security	1.6	Sun	Yes	Data Grid
Apache Commons	1.x-2.x	Apache2	Yes	Data Grid
Spring	5.3.29	Apache2	Yes	Data Grid
Spring Security	5.7.5	Apache2	No	Data Gride
ASM (see Note below)	9.5	INRIA	No	Data Grid
OSHI	5.2.5	MIT	No	Data Grid
JNA	5.6.0	Apache2	No	Data Grid
HyperSonic SQL	1.8.0	Hypersonic SQL	No	Data Grid
H2	1.2	H2	No	Data Grid
Velocity	1.5	Apache2	No	Data Grid
Maven	3.6.3	Apache2	No	Data Grid
Ant	1.9.4	Apache2	No	Data Grid
Apache Zookeeper	3.6.3	Apache2	No	Data Grid
Netty (sub-dependency of Zookeeper)	4.1.86	Apache2	No	Data Grid
Apache Curator	5.2.1	Apache2	No	Data Grid
Apache Spark	2.4.4	Apache2	No	Analytics
Apache Zeppelin	0.8.2	Apache2	No	Analytics
SLF4J	1.7.26	Apache2	No	Logging

ASM (Java bytecode manipulation framework): Until version 16.3.0, GigaSpacesbundles ASM v3.3.1.

Starting with ASM v4.0, there was a breaking change made to their API, specifically converting interfaces to classes, e.g., ClassVisitor and Method Visitor.

In GigaSpaces16.4, the bundle was updated to include ASM v9.5, mainly to support future upgrades to Java 11.

Product	Version	License	Component	Documentation
SnakeYaml (sub-dependency of Kubernetes)	1.32	Apache2	KubeGrid	KubeGrid
OpenJPA	2.2.2	Apache2	Persistency	JPA
Hibernate	5.6.7	LGPL	Persistency	Hibernate Space Persistency
Grafana (see Note below)	7.3.7	Grafana	Analytics/Metrics	Grafana
Cassandra	1.2.5	Apache2	Persistency	Cassandra Integration
MongoDB	3.2.0	Creative Commons	Persistency	MongoDB Integration
InfluxDB (see Note below)	0.9	MIT	Metrics	InfluxDB
Jetty	9.4.44	Apache2	Web Container	Jetty Processing Unit Container
Apache Lucene	7.5	Apache2	Spatial, Full Text Search	Geospatial Queries, Full Text Search
Spatial4J	0.6	Apache2	Spatial	Geospatial Queries
JTS Topology Suite	1.13	Eclipse Distribution License v1.0	Spatial	Geospatial Queries
JMS	1.1	Sun	JMS	JMS Messaging Support
Mule	3.3.0	CPAL	Mule	Mule ESB
Groovy	1.8.6	Apache2	Dynamic Scripting	Dynamic Scripting Support
Scala	2.10.1	Scala	Scala	Scala
snmp4j	1.11.2	Apache2	SNMP	SNMP Connectivity via Alert Logging Gateway
log4j-snmp-trap-appender	1.2.9	Apache2	SNMP	SNMP Connectivity via Alert Logging Gateway
RocksDB	6.0.1	Apache2	MemoryXtend Related to Data Tiering. The MemoryXtend (blobstore) storage model allows an external storage medium (one that does not reside on the JVM heap) to store the GigaSpaces Space data and is designed for operational workloads. It keeps all indexes in RAM for better performance.	MemoryXtend for Disk (SSD/HDD)

This product is deployed with GigaSpaces but is not bundled into it. The deployment is side by side, and the communication is via API.

Product	Version	License
tslib	2.6.2	OBSD
dexie-react-hooks	1.1.1	Apache2
dexie	3.2.3	Apache2
@headlessui/react	1.7.13	MIT
@monaco-editor/react	4.4.6	MIT
@nivo/bar	0.79.1	MIT
@nivo/core	0.79.0	MIT
@nivo/line	0.79.1	MIT
@nivo/pie	0.79.1	MIT
@patternfly/react-log-viewer	4,87.100	MIT
@tailwindcss/forms	0.4.1	MIT
@tailwindcss/typography	0.5.9	MIT
@types/chance	1.1.3	MIT
@types/js-cookie	3.0.3	MIT
@types/lodash.flatten	4.4.7	MIT
@types/lodash.uniqueid	4.0.7	MIT
@types/lodash	4.14.192	MIT
@types/react-datepicker	4.4.2	MIT
axios	0.25.0	MIT
chance	1.1.11	MIT
chart.js	3.8.0	MIT
cookie	0.5.0	MIT
core-js	3.29.1	MIT
date-fns	2.29.3	MIT
file-saver	2.0.5	MIT
form-data	2.3.3	MIT
jest-canvas-mock	2.5.0	MIT
js-cookie	3.0.1	MIT
lodash.flatten	4.4.0	MIT
lodash.uniqueid	4.0.7	MIT
lodash	4.17.21	MIT
monaco-editor-webpack-plugin	1.9.1	MIT
monaco-editor	0.20.0	MIT
monaco-sql-languages	0.9.4	MIT
next-transpile-modules	9.1.0	MIT
next	12.2.0	MIT
node-mocks-http	1.12.2	MIT
react-datepicker	4.11.0	MIT
react-dom	18.2.0	MIT
react-hook-form	7.43.8	MIT
react-idle-timer	5.5.3	MIT
react-monaco-editor	0.49.0	MIT
react-paginate	8.1.4	MIT
react-range	1.8.14	MIT
react-table	7.8.0	MIT
react	18.2.0	MIT
regenerator-runtime	0.13.11	MIT
tailwindcss	3.3.0	MIT

Product	Version	License	Component
commons-compress-1.19.jar	1.19	Apache license 2.0	DI The Data Integration (DI) layer is a vital part of the Digital Integration Hub (DIH) platform. It is responsible for a wide range of data integration tasks such as ingesting data in batches or streaming data changes. This is performed in real-time from various sources and systems of record (SOR. The data then resides in the In-Memory Data Grid (IMDG), or Space, of the GigaSpaces Smart DIH platform. Manager
flink-api-feign-client-1.15.3.0.jar	1.15.3.0	Apache license 2.0	DI Manager
jackson-databind-2.13.3.jar	2.13.3	Apache license 2.0	DI Manager
okhttp-3.14.9.jar	3.14.9	Apache license 2.0	DI Manager
poi-4.1.2.jar	4.1.2	Apache license 2.0	DI Manager
protobuf-java-3.19.4.jar	3.19.4	BSD-3	DI Manager
snakeyaml-1.29.jar	1.29	Apache license 2.0	DI Manager
spring-web-5.3.20.jar	5.3.20	Apache license 2.0	DI Manager
tomcat-embed-core-9.0.63.jar	9.0.63	Apache license 2.0	DI Manager
xstream-1.4.19.jar	1.4.19	BSD-3	DI Manager
guava-27.0.1-jre.jar	27.0.1	Apache license 2.0	DI MDM
netty-codec-4.1.77.Final.jar	4.1.77	Apache license 2.0	DI MDM
log4j:1.2.16	1.2.16	Apache license 2.0	DI Processor
Flink	1.15.3	Apache license 2.0	Flink Apache Flink is an open-source, unified stream-processing and batch-processing framework developed by the Apache Software Foundation. The core of Apache Flink is a distributed streaming data-flow engine written in Java and Scala. Flink executes arbitrary dataflow programs in a data-parallel and pipelined manner.
Kafka	2.13	Apache license 2.0	Kafka Apache Kafka is a distributed event store and stream-processing platform. Apache Kafka is a distributed publish-subscribe messaging system. A message is any kind of information that is sent from a producer (application that sends the messages) to a consumer (application that receives the messages). Producers write their messages or data to Kafka topics. These topics are divided into partitions that function like logs. Each message is written to a partition and has a unique offset, or identifier. Consumers can specify a particular offset point where they can begin to read messages.
Zookeeper	3.4.6	Apache license 2.0	Zookeeper Apache Zookeeper. An open-source server for highly reliable distributed coordination of cloud applications. It provides a centralized service for providing configuration information, naming, synchronization and group services over large clusters in distributed systems. The goal is to make these systems easier to manage with improved, more reliable propagation of changes.

Product	Version	License
Server side
HyperSQL	2.3.2	BSD
Client side
NoRedInk/elm-json-decode-pipeline	1.0.0	BSD-3-Clause
NoRedInk/elm-simple-fuzzy	1.0.3	BSD-3-Clause
arowM/html-extra	1.0.0	MIT
arturopala/elm-monocle	2.1.0	MIT
avh4/elm-color	1.0.0	BSD-3-Clause
cuducos/elm-format-number	7.0.0	BSD-3-Clause
debois/elm-dom	1.3.0	Apache-2.0
elm/browser	1.0.1	BSD-3-Clause
elm/core	1.0.2	BSD-3-Clause
elm/file	1.0.5	BSD-3-Clause
elm/html	1.0.0	BSD-3-Clause
elm/http	2.0.0	BSD-3-Clause
elm/json	1.1.3	BSD-3-Clause
elm/parser	1.1.0	BSD-3-Clause
elm/random	1.0.0	BSD-3-Clause
elm/svg	1.0.1	BSD-3-Clause
elm/time	1.0.0	BSD-3-Clause
elm/url	1.0.0	BSD-3-Clause
elm-community/list-extra	8.2.2	MIT
elm-community/maybe-extra	5.0.0	MIT
elm-community/string-extra	4.0.1	BSD-3-Clause
elm-community/typed-svg	5.1.0	BSD-3-Clause
elm-explorations/test	1.2.2	BSD-3-Clause
ggb/numeral-elm	1.4.3	MIT
jschomay/elm-paginate	3.1.1	BSD-3-Clause
myrho/elm-round	1.0.4	BSD-3-Clause
pablohirafuji/elm-syntax-highlight	3.1.1	Apache-2.0
rundis/elm-bootstrap	5.2.0	BSD-3-Clause
ryannhg/date-format	2.3.0	BSD-3-Clause
sporto/elm-select	3.1.3	MIT
terezka/line-charts	2.0.0	BSD-3-Clause
arowM/elm-html-extra-internal	1.1.0	MIT
arowM/elm-html-internal	1.0.0	MIT
arowM/html	1.0.1	MIT
elm/bytes	1.0.8	BSD-3-Clause
elm/regex	1.0.0	BSD-3-Clause
elm/virtual-dom	1.0.2	BSD-3-Clause
elm-community/html-extra	3.3.0	MIT
folkertdev/elm-deque	3.0.1	BSD-3-Clause
folkertdev/one-true-path-experiment	4.0.3	BSD-3-Clause
folkertdev/svg-path-lowlevel	3.0.0	BSD-3-Clause
ianmackenzie/elm-float-extra	1.1.0	MPL-2.0
ianmackenzie/elm-geometry	1.2.1	MPL-2.0
ianmackenzie/elm-interval	1.0.1	MPL-2.0
ianmackenzie/elm-triangular-mesh	1.0.4	MPL-2.0
jschomay/elm-bounded-number	2.1.1	BSD-3-Clause
justinmimbs/date	3.1.2	BSD-3-Clause
justinmimbs/time-extra	1.1.0	BSD-3-Clause
bootstrap	4.3.1	MIT
Font Awesome	4.7.0	MIT
ionicons	2.0.1	MIT
Heebo font		Open Font License
Rubik font		Open Font License
highlight	9.8.0	BSD-3
jquery	3.3.1	MIT
popper	1.14.7	MIT

Product	Version	License
Google Web Toolkit	2.4.0	Apache2
FileUpload	1.2.2	Apache2
gwtupload	0.6.3	Apache2
Commons Lang	2.6	Apache2
Highcharts	2.1.9	Commercial
Ext GWT	2.2.5	Commercial
jQuery	1.8.1	MIT
Raphaël	2.1.0	MIT
Dracula Graph	0.0.3	MIT
CCombo V2.0	2.0	MIT
SexyCombo	2.1.3	MIT
GwtQuery	1.1.0	Apache2
CodeMirror	2.3.4	MIT
Apache Commons Math v2.1	2.1	Apache2
Fugue Icons	3.5.6	Creative Commons
Alphanum Comparator		LGPL
Jackson	1.9.9	LGPL
JGit	2.2.0	EDL
slf4j	1.7.2	MIT
JCTerm	0.0.11	GNU LGPL
JSch	0.1.48	BSD
JZlib	1.1.1	BSD
D3	3.2.7	BSD

Product	Version	License	Component
Castle		Apache2	Remoting

Product	Version	License	Component
JSONDoc	1.0.9	MIT	REST REpresentational State Transfer. Application Programming Interface An API, or application programming interface, is a set of rules that define how applications or devices can connect to and communicate with each other. A REST API is an API that conforms to the design principles of the REST, or representational state transfer architectural style.
Guava	15.0	Apache 2	REST
Apache POI	4.1.2	Apache 2	GS-UI
Javassist	3.18.2	Apache 2	REST
log4j	1.2.17	Apache 2	REST
Reflections	0.9.9	WTFPL	REST
Jackson	2.9,9	Apache2	REST
JLine	3.11	BSD	CLI
Jansi	1.18	BSD	CLI
Picocli	3.9.5	Apache2	CLI
Calcite (see note below)	1.25.0	Apache	API component available via a data-grid API, SpaceDeck GigaSpaces intuitive, streamlined user interface to set up, manage and control their environment. Using SpaceDeck, users can define the tools to bring legacy System of Record (SoR) databases into the in-memory data grid that is the core of the GigaSpaces system., REST, CLI and xap-dgw

Calcite 1.25.0 known vulnerabilities are CVE-2022-39135 and CVE-2020-13955.

CVE-2022-39135 is an XML External Entity (XEE) vulnerability that allows an SQL query to read the contents of files via the SQL functions of EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM or EXTRACT_VALUE.

GigaSpaces Analysis: GigaSpaces is NOT affected by this vulnerability as we do not expose these SQL operators to clients.

CVE-2020-13955 is a vulnerability which exploits a utility class provided by Apache Calcite (HttpUtils#getURLConnection) to create vulnerable HTTPS connections for other applications by disabling verification.

GigaSpaces Analysis: GigaSpaces is NOT affected by this vulnerability as we do not use this utility method to create HTTP connections, using instead the default JVM Java Virtual Machine. A virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. truststore.