Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

b4sjoo · 2023-09-08T21:16:07Z

Description

Bump aws-encryption-sdk-java version to fix CVE-2023-33201

Check List

New functionality includes testing.
- All tests pass
New functionality has been documented.
- New functionality has javadoc added
Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Sicheng Song <sicheng.song@outlook.com>

codecov · 2023-09-08T22:22:40Z

Codecov Report

Merging #1309 (e876792) into main (8bd4158) will decrease coverage by 0.11%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #1309      +/-   ##
============================================
- Coverage     78.94%   78.84%   -0.11%     
+ Complexity     2144     2139       -5     
============================================
  Files           168      168              
  Lines          8740     8740              
  Branches        877      877              
============================================
- Hits           6900     6891       -9     
- Misses         1441     1450       +9     
  Partials        399      399

Flag	Coverage Δ
ml-commons	`78.84% <ø> (-0.11%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 3 files with indirect coverage changes

Signed-off-by: Sicheng Song <sicheng.song@outlook.com> (cherry picked from commit 0bdff8f)

Signed-off-by: Sicheng Song <sicheng.song@outlook.com> (cherry picked from commit 0bdff8f) Co-authored-by: Sicheng Song <sicheng.song@outlook.com>

* Add Auto Release Workflow (#1306) * Add Auto Release Workflow Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * Fix release note address Signed-off-by: Sicheng Song <sicheng.song@outlook.com> --------- Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309) Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * Add release note for 2.10.0 release (#1312) * Add release note for 2.10.0 Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * Add CVE fix Signed-off-by: Sicheng Song <sicheng.song@outlook.com> --------- Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * fixing doc link (#1318) * fixing doc link Signed-off-by: Dhrubo Saha <dhrubo@amazon.com> * fixing indentation Signed-off-by: Dhrubo Saha <dhrubo@amazon.com> --------- Signed-off-by: Dhrubo Saha <dhrubo@amazon.com> * Fix unassigned ml system shard replicas (#1315) (#1324) * Fix unassigned ml system shard replicas * Adjust auto replica settings to keep it consistent with AOS default setting * Update plugin/src/main/java/org/opensearch/ml/indices/MLIndicesHandler.java * Modify exception handling * Modify exception messages * Add response check * Add response check and exception handling * Keep error message consistent * Keep error message consistent * Keep error message consistent --------- Signed-off-by: Sicheng Song <sicheng.song@outlook.com> Co-authored-by: Yaliang Wu <ylwu@amazon.com> * Adjust index replicas settings to keep consistent with AOS 2.9 (#1325) Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * Make 2.10 release notes up to date (#1345) Signed-off-by: Sicheng Song <sicheng.song@outlook.com> * fix spelling (#1363) Signed-off-by: Kalyan <kalyan.ben10@live.com> * Add neural search default processor for non OpenAI/Cohere scenario (#1274) * Add neural search default pre/post process function support Signed-off-by: zane-neo <zaniu@amazon.com> * Fix UT failures Signed-off-by: zane-neo <zaniu@amazon.com> * Address PR comment to remove nonJson response case Signed-off-by: zane-neo <zaniu@amazon.com> * Fix low code coverage issue Signed-off-by: zane-neo <zaniu@amazon.com> * fix format issue Signed-off-by: zane-neo <zaniu@amazon.com> * Try to fix classNotFound issue in IT Signed-off-by: zane-neo <zaniu@amazon.com> * revert Try to fix classNotFound issue in IT Signed-off-by: zane-neo <zaniu@amazon.com> * Change gson dependency to compileOnly Signed-off-by: zane-neo <zaniu@amazon.com> * Change default pre/post process function name Signed-off-by: zane-neo <zaniu@amazon.com> * Address code review comments Signed-off-by: zane-neo <zaniu@amazon.com> * Make preprocess function to default Signed-off-by: zane-neo <zaniu@amazon.com> * Remove GsonUtil since there already a single instance in StringUtils Signed-off-by: zane-neo <zaniu@amazon.com> * Fix UT failures Signed-off-by: zane-neo <zaniu@amazon.com> * Address comments Signed-off-by: zane-neo <zaniu@amazon.com> * use import instead of fully qualified name Signed-off-by: zane-neo <zaniu@amazon.com> --------- Signed-off-by: zane-neo <zaniu@amazon.com> --------- Signed-off-by: Sicheng Song <sicheng.song@outlook.com> Signed-off-by: Dhrubo Saha <dhrubo@amazon.com> Signed-off-by: Kalyan <kalyan.ben10@live.com> Signed-off-by: zane-neo <zaniu@amazon.com> Co-authored-by: Sicheng Song <sicheng.song@outlook.com> Co-authored-by: Dhrubo Saha <dhrubo@amazon.com> Co-authored-by: Yaliang Wu <ylwu@amazon.com> Co-authored-by: Kalyan <kalyan.ben10@live.com>

Bump aws-encryption-sdk-java to fix CVE-2023-33201

e876792

Signed-off-by: Sicheng Song <sicheng.song@outlook.com>

b4sjoo requested review from dhrubo-os, jngz-es, model-collapse, rbhavna, wujunshen, ylwu-amzn, zane-neo and Zhangxunmt as code owners September 8, 2023 21:16

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Error

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Failure

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Error

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:16 — with GitHub Actions Failure

b4sjoo added backport 2.x backport 2.10 labels Sep 8, 2023

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:32 — with GitHub Actions Error

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:32 — with GitHub Actions Failure

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 21:32 — with GitHub Actions Inactive

jngz-es approved these changes Sep 8, 2023

View reviewed changes

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:51 — with GitHub Actions Failure

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 21:51 — with GitHub Actions Error

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 21:51 — with GitHub Actions Inactive

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Failure

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:03 — with GitHub Actions Error

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Failure

b4sjoo temporarily deployed to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Inactive

b4sjoo had a problem deploying to ml-commons-cicd-env September 8, 2023 22:22 — with GitHub Actions Failure

dhrubo-os approved these changes Sep 8, 2023

View reviewed changes

b4sjoo merged commit 0bdff8f into opensearch-project:main Sep 8, 2023

b4sjoo deleted the main_note branch September 8, 2023 22:30

opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309)

257cd36

Signed-off-by: Sicheng Song <sicheng.song@outlook.com> (cherry picked from commit 0bdff8f)

This was referenced Sep 8, 2023

[Backport 2.x] Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1310

Merged

[Backport 2.10] Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1311

Merged

opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309)

d39e8f9

Signed-off-by: Sicheng Song <sicheng.song@outlook.com> (cherry picked from commit 0bdff8f)

b4sjoo added a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309) (#1310)

f30fb8e

Signed-off-by: Sicheng Song <sicheng.song@outlook.com> (cherry picked from commit 0bdff8f) Co-authored-by: Sicheng Song <sicheng.song@outlook.com>

b4sjoo added a commit that referenced this pull request Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 (#1309) (#1311)

14dd7ee

Signed-off-by: Sicheng Song <sicheng.song@outlook.com> (cherry picked from commit 0bdff8f) Co-authored-by: Sicheng Song <sicheng.song@outlook.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

b4sjoo commented Sep 8, 2023 •

edited

Loading

codecov bot commented Sep 8, 2023

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

Bump aws-encryption-sdk-java to fix CVE-2023-33201 #1309

Conversation

b4sjoo commented Sep 8, 2023 • edited Loading

Description

Check List

codecov bot commented Sep 8, 2023

Codecov Report

b4sjoo commented Sep 8, 2023 •

edited

Loading