Third-Party License Agreements

This page list all the third-party libraries shipped with GigaSpaces products on a per-version basis, and their respective license agreements.

Product Version License Required Component
Security 1.6 Sun Yes Data Grid
Apache Commons 1.x-2.x Apache2 Yes Data Grid
Spring 5.3.29 Apache2 Yes Data Grid
Spring Security 5.7.5 Apache2 No Data Gride
ASM (see Note below) 9.5 INRIA No Data Grid
OSHI 5.2.5 MIT No Data Grid
JNA 5.6.0 Apache2 No Data Grid
HyperSonic SQL 1.8.0 Hypersonic SQL No Data Grid
H2 1.2 H2 No Data Grid
Velocity 1.5 Apache2 No Data Grid
Maven 3.6.3 Apache2 No Data Grid
Ant 1.9.4 Apache2 No Data Grid
Apache Zookeeper 3.6.3 Apache2 No Data Grid
Netty (sub-dependency of Zookeeper) 4.1.86 Apache2 No Data Grid
Apache Curator 5.2.1 Apache2 No Data Grid
Apache Spark 2.4.4 Apache2 No Analytics
Apache Zeppelin 0.8.2 Apache2 No Analytics
SLF4J 1.7.26 Apache2 No Logging

ASM (Java bytecode manipulation framework): Until version 16.3.0, GigaSpacesbundles ASM v3.3.1.

Starting with ASM v4.0, there was a breaking change made to their API, specifically converting interfaces to classes, e.g., ClassVisitor and Method Visitor.

In GigaSpaces16.4, the bundle was updated to include ASM v9.5, mainly to support future upgrades to Java 11.

Product Version License Component Documentation
SnakeYaml (sub-dependency of Kubernetes) 1.32 Apache2 KubeGrid KubeGrid
OpenJPA 2.2.2 Apache2 Persistency JPA
Hibernate 5.6.7 LGPL Persistency Hibernate Space Persistency
Grafana (see Note below) 7.3.7 Grafana Analytics/Metrics Grafana
Cassandra 1.2.5 Apache2 Persistency Cassandra Integration
MongoDB 3.2.0 Creative Commons Persistency MongoDB Integration
InfluxDB (see Note below) 0.9 MIT Metrics InfluxDB
Jetty 9.4.44 Apache2 Web Container Jetty Processing Unit Container
Apache Lucene 7.5 Apache2 Spatial, Full Text Search Geospatial Queries, Full Text Search
Spatial4J 0.6 Apache2 Spatial Geospatial Queries
JTS Topology Suite 1.13 Eclipse Distribution License v1.0 Spatial Geospatial Queries
JMS 1.1 Sun JMS JMS Messaging Support
Mule 3.3.0 CPAL Mule Mule ESB
Groovy 1.8.6 Apache2 Dynamic Scripting Dynamic Scripting Support
Scala 2.10.1 Scala Scala Scala
snmp4j 1.11.2 Apache2 SNMP SNMP Connectivity via Alert Logging Gateway
log4j-snmp-trap-appender 1.2.9 Apache2 SNMP SNMP Connectivity via Alert Logging Gateway
RocksDB 6.0.1 Apache2 MemoryXtendClosed Related to Data Tiering. The MemoryXtend (blobstore) storage model allows an external storage medium (one that does not reside on the JVM heap) to store the GigaSpaces Space data and is designed for operational workloads. It keeps all indexes in RAM for better performance. MemoryXtend for Disk (SSD/HDD)

This product is deployed with GigaSpaces but is not bundled into it. The deployment is side by side, and the communication is via API.

Product Version License
tslib 2.6.2 OBSD
dexie-react-hooks 1.1.1 Apache2
dexie 3.2.3 Apache2
@headlessui/react 1.7.13 MIT
@monaco-editor/react 4.4.6 MIT
@nivo/bar 0.79.1 MIT
@nivo/core 0.79.0 MIT
@nivo/line 0.79.1 MIT
@nivo/pie 0.79.1 MIT
@patternfly/react-log-viewer 4,87.100 MIT
@tailwindcss/forms 0.4.1 MIT
@tailwindcss/typography 0.5.9 MIT
@types/chance 1.1.3 MIT
@types/js-cookie 3.0.3 MIT
@types/lodash.flatten 4.4.7 MIT
@types/lodash.uniqueid 4.0.7 MIT
@types/lodash 4.14.192 MIT
@types/react-datepicker 4.4.2 MIT
axios 0.25.0 MIT
chance 1.1.11 MIT
chart.js 3.8.0 MIT
cookie 0.5.0 MIT
core-js 3.29.1 MIT
date-fns 2.29.3 MIT
file-saver 2.0.5 MIT
form-data 2.3.3 MIT
jest-canvas-mock 2.5.0 MIT
js-cookie 3.0.1 MIT
lodash.flatten 4.4.0 MIT
lodash.uniqueid 4.0.7 MIT
lodash 4.17.21 MIT
monaco-editor-webpack-plugin 1.9.1 MIT
monaco-editor 0.20.0 MIT
monaco-sql-languages 0.9.4 MIT
next-transpile-modules 9.1.0 MIT
next 12.2.0 MIT
node-mocks-http 1.12.2 MIT
react-datepicker 4.11.0 MIT
react-dom 18.2.0 MIT
react-hook-form 7.43.8 MIT
react-idle-timer 5.5.3 MIT
react-monaco-editor 0.49.0 MIT
react-paginate 8.1.4 MIT
react-range 1.8.14 MIT
react-table 7.8.0 MIT
react 18.2.0 MIT
regenerator-runtime 0.13.11 MIT
tailwindcss 3.3.0 MIT
Product Version License Component
commons-compress-1.19.jar 1.19 Apache license 2.0 DIClosed The Data Integration (DI) layer is a vital part of the Digital Integration Hub (DIH) platform. It is responsible for a wide range of data integration tasks such as ingesting data in batches or streaming data changes. This is performed in real-time from various sources and systems of record (SOR. The data then resides in the In-Memory Data Grid (IMDG), or Space, of the GigaSpaces Smart DIH platform. Manager
flink-api-feign-client-1.15.3.0.jar 1.15.3.0 Apache license 2.0 DI Manager
jackson-databind-2.13.3.jar 2.13.3 Apache license 2.0 DI Manager
okhttp-3.14.9.jar 3.14.9 Apache license 2.0 DI Manager
poi-4.1.2.jar 4.1.2 Apache license 2.0 DI Manager
protobuf-java-3.19.4.jar 3.19.4 BSD-3 DI Manager
snakeyaml-1.29.jar 1.29 Apache license 2.0 DI Manager
spring-web-5.3.20.jar 5.3.20 Apache license 2.0 DI Manager
tomcat-embed-core-9.0.63.jar 9.0.63 Apache license 2.0 DI Manager
xstream-1.4.19.jar 1.4.19 BSD-3 DI Manager
guava-27.0.1-jre.jar 27.0.1 Apache license 2.0 DI MDM
netty-codec-4.1.77.Final.jar 4.1.77 Apache license 2.0 DI MDM
log4j:1.2.16 1.2.16 Apache license 2.0 DI Processor
Flink 1.15.3 Apache license 2.0 FlinkClosed Apache Flink is an open-source, unified stream-processing and batch-processing framework developed by the Apache Software Foundation. The core of Apache Flink is a distributed streaming data-flow engine written in Java and Scala. Flink executes arbitrary dataflow programs in a data-parallel and pipelined manner.
Kafka 2.13 Apache license 2.0 KafkaClosed Apache Kafka is a distributed event store and stream-processing platform. Apache Kafka is a distributed publish-subscribe messaging system. A message is any kind of information that is sent from a producer (application that sends the messages) to a consumer (application that receives the messages). Producers write their messages or data to Kafka topics. These topics are divided into partitions that function like logs. Each message is written to a partition and has a unique offset, or identifier. Consumers can specify a particular offset point where they can begin to read messages.
Zookeeper 3.4.6 Apache license 2.0 ZookeeperClosed Apache Zookeeper. An open-source server for highly reliable distributed coordination of cloud applications. It provides a centralized service for providing configuration information, naming, synchronization and group services over large clusters in distributed systems. The goal is to make these systems easier to manage with improved, more reliable propagation of changes.
Product Version License
Server side
HyperSQL 2.3.2 BSD
Client side
NoRedInk/elm-json-decode-pipeline 1.0.0 BSD-3-Clause
NoRedInk/elm-simple-fuzzy 1.0.3 BSD-3-Clause
arowM/html-extra 1.0.0 MIT
arturopala/elm-monocle 2.1.0 MIT
avh4/elm-color 1.0.0 BSD-3-Clause
cuducos/elm-format-number 7.0.0 BSD-3-Clause
debois/elm-dom 1.3.0 Apache-2.0
elm/browser 1.0.1 BSD-3-Clause
elm/core 1.0.2 BSD-3-Clause
elm/file 1.0.5 BSD-3-Clause
elm/html 1.0.0 BSD-3-Clause
elm/http 2.0.0 BSD-3-Clause
elm/json 1.1.3 BSD-3-Clause
elm/parser 1.1.0 BSD-3-Clause
elm/random 1.0.0 BSD-3-Clause
elm/svg 1.0.1 BSD-3-Clause
elm/time 1.0.0 BSD-3-Clause
elm/url 1.0.0 BSD-3-Clause
elm-community/list-extra 8.2.2 MIT
elm-community/maybe-extra 5.0.0 MIT
elm-community/string-extra 4.0.1 BSD-3-Clause
elm-community/typed-svg 5.1.0 BSD-3-Clause
elm-explorations/test 1.2.2 BSD-3-Clause
ggb/numeral-elm 1.4.3 MIT
jschomay/elm-paginate 3.1.1 BSD-3-Clause
myrho/elm-round 1.0.4 BSD-3-Clause
pablohirafuji/elm-syntax-highlight 3.1.1 Apache-2.0
rundis/elm-bootstrap 5.2.0 BSD-3-Clause
ryannhg/date-format 2.3.0 BSD-3-Clause
sporto/elm-select 3.1.3 MIT
terezka/line-charts 2.0.0 BSD-3-Clause
arowM/elm-html-extra-internal 1.1.0 MIT
arowM/elm-html-internal 1.0.0 MIT
arowM/html 1.0.1 MIT
elm/bytes 1.0.8 BSD-3-Clause
elm/regex 1.0.0 BSD-3-Clause
elm/virtual-dom 1.0.2 BSD-3-Clause
elm-community/html-extra 3.3.0 MIT
folkertdev/elm-deque 3.0.1 BSD-3-Clause
folkertdev/one-true-path-experiment 4.0.3 BSD-3-Clause
folkertdev/svg-path-lowlevel 3.0.0 BSD-3-Clause
ianmackenzie/elm-float-extra 1.1.0 MPL-2.0
ianmackenzie/elm-geometry 1.2.1 MPL-2.0
ianmackenzie/elm-interval 1.0.1 MPL-2.0
ianmackenzie/elm-triangular-mesh 1.0.4 MPL-2.0
jschomay/elm-bounded-number 2.1.1 BSD-3-Clause
justinmimbs/date 3.1.2 BSD-3-Clause
justinmimbs/time-extra 1.1.0 BSD-3-Clause
bootstrap 4.3.1 MIT
Font Awesome 4.7.0 MIT
ionicons 2.0.1 MIT
Heebo font   Open Font License
Rubik font   Open Font License
highlight 9.8.0 BSD-3
jquery 3.3.1 MIT
popper 1.14.7 MIT
Product Version License Component
Castle   Apache2 Remoting
Product Version License Component
JSONDoc 1.0.9 MIT RESTClosed REpresentational State Transfer. Application Programming Interface An API, or application programming interface, is a set of rules that define how applications or devices can connect to and communicate with each other. A REST API is an API that conforms to the design principles of the REST, or representational state transfer architectural style.
Guava 15.0 Apache 2 REST
Apache POI 4.1.2 Apache 2 GS-UI
Javassist 3.18.2 Apache 2 REST
log4j 1.2.17 Apache 2 REST
Reflections 0.9.9 WTFPL REST
Jackson 2.9,9 Apache2 REST
JLine 3.11 BSD CLI
Jansi 1.18 BSD CLI
Picocli 3.9.5 Apache2 CLI

Calcite

(see note below)

1.25.0 Apache API component available via a data-grid API, SpaceDeckClosed GigaSpaces intuitive, streamlined user interface to set up, manage and control their environment. Using SpaceDeck, users can define the tools to bring legacy System of Record (SoR) databases into the in-memory data grid that is the core of the GigaSpaces system., REST, CLI and xap-dgw

Calcite 1.25.0 known vulnerabilities are CVE-2022-39135 and CVE-2020-13955.

  • CVE-2022-39135 is an XML External Entity (XEE) vulnerability that allows an SQL query to read the contents of files via the SQL functions of EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM or EXTRACT_VALUE.

GigaSpaces Analysis: GigaSpaces is NOT affected by this vulnerability as we do not expose these SQL operators to clients.

  • CVE-2020-13955 is a vulnerability which exploits a utility class provided by Apache Calcite (HttpUtils#getURLConnection) to create vulnerable HTTPS connections for other applications by disabling verification.

GigaSpaces Analysis: GigaSpaces is NOT affected by this vulnerability as we do not use this utility method to create HTTP connections, using instead the default JVMClosed Java Virtual Machine. A virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. truststore.