Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates to OpenSearch dependencies and other dependencies for CVE fixes #3689

Merged
merged 1 commit into from
Nov 27, 2023
Merged

Updates to OpenSearch dependencies and other dependencies for CVE fixes #3689

merged 1 commit into from
Nov 27, 2023

Conversation

dlvenable
Copy link
Member

Description

Updates the opensearch-java client to 2.8.1 and opensearch to 1.3.13. This includes a transitive dependency update to parsson to resolve CVE-2023-4043.

Update required version of org.json library to resolve CVE-2023-5072. Require a Zookeeper version which resolves CVE-2023-44981. Require a transitive Scala library to resolve CVE-2023-46122.

Issues Resolved

Resolves #3588, #3522, #3491, #3547

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dlvenable
Updates the opensearch-java client to 2.8.1 and opensearch to 1.3.13.…
79cda55 
… This includes a transitive dependency update to parsson to resolve CVE-2023-4043.

Update required version of org.json library to resolve CVE-2023-5072. Require a Zookeeper version which resolves CVE-2023-44981. Require a transitive Scala library to resolve CVE-2023-46122.

Resolves opensearch-project#3588, opensearch-project#3522, opensearch-project#3491, opensearch-project#3547

Signed-off-by: David Venable <dlv@amazon.com>
@dlvenable dlvenable merged commit 37e18a5 into opensearch-project:main Nov 27, 2023
69 of 70 checks passed
@dlvenable dlvenable deleted the cves-2023-11 branch November 27, 2023 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenqi0805 chenqi0805 chenqi0805 approved these changes

@oeyh oeyh oeyh approved these changes

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@dinujoh dinujoh Awaiting requested review from dinujoh dinujoh is a code owner

@kkondaka kkondaka Awaiting requested review from kkondaka kkondaka is a code owner

@asifsmohammed asifsmohammed Awaiting requested review from asifsmohammed

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2023-4043 (High) detected in parsson-1.1.2.jar
3 participants
@dlvenable @oeyh @chenqi0805