Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x] Fixes CVE-2022-42920 by forcing bcel version to resovle to 6.6 #2302

Merged
merged 1 commit into from
Dec 6, 2022
Merged

[Backport 2.x] Fixes CVE-2022-42920 by forcing bcel version to resovle to 6.6 #2302

merged 1 commit into from
Dec 6, 2022

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Dec 6, 2022

Backport of #2275 to 2.x

@cwperks
[Backport 2.x] Fixes CVE-2022-42920 by forcing bcel version to resovl…
2af6be9 
…e to 6.6

Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks requested a review from a team December 6, 2022 18:10
@codecov-commenter
Copy link

codecov-commenter commented Dec 6, 2022
edited
Loading

Codecov Report

Merging #2302 (2af6be9) into 2.x (b908b89) will decrease coverage by 0.06%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                2.x    #2302      +/-   ##
============================================
- Coverage     61.07%   61.00%   -0.07%     
+ Complexity     3249     3244       -5     
============================================
  Files           258      258              
  Lines         18125    18125              
  Branches       3231     3231              
============================================
- Hits          11069    11058      -11     
- Misses         5486     5493       +7     
- Partials       1570     1574       +4
Impacted Files Coverage Δ
...ecurity/configuration/StaticResourceException.java 0.00% <0.00%> (-25.00%) ⬇️
...nsearch/security/dlic/rest/api/AuditApiAction.java 63.82% <0.00%> (-4.26%) ⬇️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java 57.46% <0.00%> (-1.50%) ⬇️
...ensearch/security/compliance/ComplianceConfig.java 81.94% <0.00%> (-1.39%) ⬇️
...a/org/opensearch/security/tools/SecurityAdmin.java 35.63% <0.00%> (-0.37%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@peternied peternied merged commit 895d323 into opensearch-project:2.x Dec 6, 2022
wuychn pushed a commit to ochprince/security that referenced this pull request Mar 16, 2023
@cwperks
[Backport 2.x] Fixes CVE-2022-42920 by forcing bcel version to resovl…
fe57b96 
…e to 6.6 (opensearch-project#2302)

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidlago davidlago davidlago approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cwperks @codecov-commenter @davidlago @peternied