Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump up commons-compress to 1.26.0 to fix CVE #12604

Closed
wants to merge 7 commits into from
Closed

Bump up commons-compress to 1.26.0 to fix CVE #12604

wants to merge 7 commits into from

Conversation

amkhar
Copy link
Contributor

@amkhar amkhar commented Mar 12, 2024

Description

Bump common-compress package to 1.26 to fix CVE

https://nvd.nist.gov/vuln/detail/CVE-2024-26308 NVD / Published Date:02/19/2024
https://nvd.nist.gov/vuln/detail/CVE-2024-25710 NVD / Published Date: 02/19/2024

Check List

- [ ] New functionality includes testing.
- [ ] All tests pass
- [ ] New functionality has been documented.
- [ ] New functionality has javadoc added

  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
    - [ ] Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Bump up commons-compress to 1.26.0 to fix CVE
c98e924 
Signed-off-by: Aman Khare <amkhar@amazon.com>
Change log entry
a5f1c8c 
Signed-off-by: Aman Khare <amkhar@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for c98e924: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for a5f1c8c: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 12, 2024
edited
Loading

Compatibility status:

Checks if related components are compatible with change 630de5b

Incompatible components

Incompatible components: [https://github.com/opensearch-project/job-scheduler.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/performance-analyzer.git]

Aman Khare added 2 commits March 12, 2024 12:02
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for c0a659e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Update commons-codec and commons-lang3 dependencies also
4588429 
Signed-off-by: Aman Khare <amkhar@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 4588429: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Upgrade commons-codec to 1.16.1
1afd6f5 
Signed-off-by: Aman Khare <amkhar@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 1afd6f5: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Merge remote-tracking branch 'origin/main' into cve
630de5b 
Signed-off-by: Aman Khare <amkhar@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 630de5b: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 630de5b: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

This was referenced Mar 12, 2024
Closed
Merged
@sandeshkr419
Copy link
Contributor

sandeshkr419 commented Mar 12, 2024
edited
Loading

@amkhar Following up on your errors in tests/CI on #12627 by pulling your changes.

Will close this PR if #12627 succeeds.

@sandeshkr419 sandeshkr419 added duplicate This issue or pull request already exists CVE Fixes a CVE labels Mar 13, 2024
@sandeshkr419
Copy link
Contributor

@amkhar Closing this PR for now, since keeping this #12627 open. Please re-open if you plan to continue working on this further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abbashus abbashus Awaiting requested review from abbashus

@adnapibar adnapibar Awaiting requested review from adnapibar

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@reta reta Awaiting requested review from reta reta is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

@tlfeng tlfeng Awaiting requested review from tlfeng

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

Assignees
No one assigned
Labels
CVE Fixes a CVE duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@amkhar @sandeshkr419