@nodece nodece commented Mar 8, 2022

Signed-off-by: Zixuan Liu <nodeces@gmail.com>

Motivation

Fix OWASP Dependency Check / owasp-dep-check CI:

Error:  Failed to execute goal org.owasp:dependency-check-maven:6.1.6:aggregate (default) on project pulsar: 
Error:  
Error:  One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
Error:  
Error:  mariadb-java-client-2.6.0.jar: CVE-2020-28912, CVE-2021-46669, CVE-2021-46666, CVE-2021-46667
Error:  
Error:  See the dependency-check report for more details.
Error:  -> [Help 1]
Error:  
Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
Error:  Re-run Maven using the -X switch to enable full debug logging.
Error:  
Error:  For more information about the errors and possible solutions, please read the following articles:
Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Error:  
Error:  After correcting the problems, you can resume the build with the command
Error:    mvn <args> -rf :pulsar
Error: Process completed with exit code 1.

Modifications

  • Upgrade mariadb-jdbc from 2.6.0 to 2.7.5
  • Add mariadb-jdbc to owasp-dependency-check-suppressions.xml

Documentation

  • no-need-doc
    Update dependencies

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Mar 8, 2022

nodece commented Mar 8, 2022

/pulsarbot rerun-failure-checks

Signed-off-by: Zixuan Liu <nodeces@gmail.com>
@nodece nodece force-pushed the update_mariadb_jdbc branch from b958007 to 809d695 Compare March 8, 2022 04:01
@nodece nodece changed the title [Dependencies] Update mariadb-jdbc [OWASP] Update mariadb-jdbc dependency and add suppression rule Mar 8, 2022

nodece commented Mar 8, 2022

This PR is a duplicate of #14511.

@lhotari lhotari merged commit 3c5698a into apache:master Mar 8, 2022
codelipenghui pushed a commit that referenced this pull request Mar 12, 2022
Signed-off-by: Zixuan Liu <nodeces@gmail.com>
(cherry picked from commit 3c5698a)
@codelipenghui codelipenghui modified the milestones: 2.11.0, 2.10.0 Mar 12, 2022
Nicklee007 pushed a commit to Nicklee007/pulsar that referenced this pull request Apr 20, 2022