Skip to content

[fix][sec] File tiered storage: upgrade jettison to get rid of CVE-2022-40149 #18022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nicoloboschi merged 2 commits into from
Oct 17, 2022
Merged

[fix][sec] File tiered storage: upgrade jettison to get rid of CVE-2022-40149 #18022

nicoloboschi merged 2 commits into from
Oct 17, 2022

Conversation

@nicoloboschi
Copy link
Contributor

@nicoloboschi nicoloboschi commented Oct 12, 2022

Motivation

In the file tiered storage the hadoop dependency brings in a vulnerable version of jettison (CVE-2022-40149).
It has been already fixed in the nightly version without any code change (https://github.com/apache/hadoop/pull/4937/files)

Modifications

  • doc-not-needed

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Oct 12, 2022
@nicoloboschi nicoloboschi mentioned this pull request Oct 12, 2022
Closed
eolivelli
eolivelli approved these changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Technoboy- Technoboy- added area/dependency Pull requests that update a dependency file ready-to-test labels Oct 17, 2022
@Technoboy- Technoboy- added this to the 2.12.0 milestone Oct 17, 2022
@Technoboy- Technoboy- closed this Oct 17, 2022
@Technoboy- Technoboy- reopened this Oct 17, 2022
@codecov-commenter
Copy link

codecov-commenter commented Oct 17, 2022

Codecov Report

❗ No coverage uploaded for pull request base (master@92b4708). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master   #18022   +/-   ##
=========================================
  Coverage          ?   44.95%           
  Complexity        ?    16968           
=========================================
  Files             ?     1548           
  Lines             ?   126073           
  Branches          ?    13870           
=========================================
  Hits              ?    56682           
  Misses            ?    63522           
  Partials          ?     5869
Flag Coverage Δ
unittests 44.95% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

@nicoloboschi nicoloboschi merged commit 9acafc9 into apache:master Oct 17, 2022
nicoloboschi added a commit that referenced this pull request Oct 18, 2022
@nicoloboschi
[fix][sec] File tiered storage: upgrade jettison to get rid of CVE-20…
c46d5dd 
…22-40149 (#18022)

* [fix][sec] File tiered storage: upgrade jettison to get rid of CVE-2022-40149

* fix

(cherry picked from commit 9acafc9)
nicoloboschi added a commit that referenced this pull request Oct 18, 2022
@nicoloboschi
[fix][sec] File tiered storage: upgrade jettison to get rid of CVE-20…
b97f6f6 
…22-40149 (#18022)

* [fix][sec] File tiered storage: upgrade jettison to get rid of CVE-2022-40149

* fix

(cherry picked from commit 9acafc9)
nicoloboschi added a commit that referenced this pull request Oct 18, 2022
@nicoloboschi
[fix][sec] File tiered storage: upgrade jettison to get rid of CVE-20…
b53bc51 
…22-40149 (#18022)

* [fix][sec] File tiered storage: upgrade jettison to get rid of CVE-2022-40149

* fix

(cherry picked from commit 9acafc9)
nicoloboschi added a commit to datastax/pulsar that referenced this pull request Oct 18, 2022
@nicoloboschi
[fix][sec] File tiered storage: upgrade jettison to get rid of CVE-20…
4119e54 
…22-40149 (apache#18022)

* [fix][sec] File tiered storage: upgrade jettison to get rid of CVE-2022-40149

* fix

(cherry picked from commit 9acafc9)
(cherry picked from commit b97f6f6)
mattisonchao added a commit that referenced this pull request Oct 19, 2022
@mattisonchao
Revert "[fix][sec] File tiered storage: upgrade jettison to get rid of
36a9d13 
…CVE-2022-40149 (#18022)"

This reverts commit b53bc51.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eolivelli eolivelli eolivelli approved these changes

@lhotari lhotari Awaiting requested review from lhotari

Assignees

@nicoloboschi nicoloboschi

Labels

area/dependency Pull requests that update a dependency file cherry-picked/branch-2.9 Archived: 2.9 is end of life cherry-picked/branch-2.10 cherry-picked/branch-2.11 doc-not-needed Your PR changes do not impact docs ready-to-test release/2.9.4 release/2.10.3 release/2.11.0

Projects

None yet

Milestone

3.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@nicoloboschi @codecov-commenter @eolivelli @Technoboy-