Address CVE-2020-8570, suppress CVE-2020-8554#10826
Merged
jihoonson merged 2 commits intoapache:masterfrom Feb 3, 2021
Merged
Conversation
jihoonson
approved these changes
Feb 2, 2021
maytasm
approved these changes
Feb 2, 2021
Contributor
|
The leadership integration test failures should be fixed by #10846. I'm merging this PR to unblock other PRs from getting merged. |
jon-wei
added a commit
to jon-wei/druid
that referenced
this pull request
Feb 11, 2021
* move integration tests from ZooKeeper 3.4.x to 3.5.x (apache#10786) * move integration tests from ZooKeeper 3.4.x to 3.5.x * run a subset of our integration tests with ZK 3.4 for backwards compatibility testing. * remove need to build separate docker-base image - use multi-stage build for the base image - use openjdk base image instead of building our own JDK base - workaround Debian not including MySQL by using MariaDB - download mysql connector directly instead of using distro version * fix incorrect openssl command failing on Debian * keep mysql connector version in sync with pom version * K8s IT Test enhance (apache#10785) * do build and stop action in IT * change base dir from druidHome to druidHome/integration-tests * add env DRUID_HOME * bug fix * modify stop_sh * ready to test * bug fix * modify dir * tested on dev * modify dir * move DRUID_HOME env * done Co-authored-by: yuezhang <yuezhang@freewheel.tv> * Update NOTICE copyright year (apache#10834) the future is now * Cleanup openssl fixes to keep certs * Address CVE-2020-8570, suppress CVE-2020-8554 (apache#10826) * Address CVE-2020-8570, suppress CVE-2020-8554 * Update licenses.yaml * wget debug * Suppress CVE-2020-9492 for hadoop-mapreduce-client-core (apache#10847) * Revert "wget debug" This reverts commit 5b81c33b4728420e2312b3c919b7de9c1b4da589. * Add MYSQL_VERSION env variable in integration-tests-imply tests * Increase heap to 64m for custom node (apache#10846) * Fix CVE-2021-25646 (apache#10818) * Add ZK_VERSION env variable Co-authored-by: Xavier Léauté <xvrl@apache.org> Co-authored-by: zhangyue19921010 <69956021+zhangyue19921010@users.noreply.github.com> Co-authored-by: yuezhang <yuezhang@freewheel.tv> Co-authored-by: Clint Wylie <cwylie@apache.org> Co-authored-by: Slava Mogilevsky <triggerwoods91@gmail.com> Co-authored-by: Jihoon Son <jihoonson@apache.org>
jihoonson
pushed a commit
to jihoonson/druid
that referenced
this pull request
Apr 14, 2021
* Address CVE-2020-8570, suppress CVE-2020-8554 * Update licenses.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The dependency check currently fails on the kubernetes extension due to the CVEs in the title.
This PR:
This PR has: