Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump mysql-connector-java to 8.0.23 (Fixes #5473) #5474

Merged
merged 2 commits into from
Apr 11, 2021
Merged

Bump mysql-connector-java to 8.0.23 (Fixes #5473) #5474

merged 2 commits into from
Apr 11, 2021

Conversation

Titaniumtown
Copy link
Contributor

@Titaniumtown Titaniumtown commented Apr 9, 2021
edited
Loading

This PR bumps mysql-connector-java to 8.0.23 due to 1 high and 1 medium level vulnerabilities being found affecting the current version of mysql-connector-java that Paper uses (5.1.49). Those vulnerabilities being Access Control Bypass and Privilege Escalation, respectively.

Testing needed with plugins that use mysql-connector-java to see if this version bump can break things.

@Titaniumtown Titaniumtown requested a review from a team as a code owner April 9, 2021 15:53
@Titaniumtown Titaniumtown changed the title Bump mysql-connector-java to 8.0.23 (fixes #5473) Bump mysql-connector-java to 8.0.23 (Fixes #5473) Apr 9, 2021
Proximyst
Proximyst approved these changes Apr 9, 2021
View reviewed changes
Copy link
Contributor

@Proximyst Proximyst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would like @MiniDigger review here, but looks good to me! As this is not API and even marked as runtime-only, I can't see an issue with just bumping it.

electronicboy
electronicboy approved these changes Apr 9, 2021
View reviewed changes
Copy link
Member

@electronicboy electronicboy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the connector is not API and no sane plugin should be interfacing with the connector directly, maybe wanna add a paper comment there just for patch noise but, generally, 👍

@electronicboy
Copy link
Member

rebase 🔪

@Titaniumtown
Copy link
Contributor Author

Rebased

@electronicboy electronicboy enabled auto-merge (squash) April 11, 2021 17:34
@electronicboy electronicboy merged commit d560151 into PaperMC:master Apr 11, 2021
@Titaniumtown Titaniumtown deleted the pr/update-mysql-connector branch April 11, 2021 17:46
ExcessiveAmountsOfZombies pushed a commit to ExcessiveAmountsOfZombies/Paper that referenced this pull request Apr 12, 2021
@Titaniumtown @ExcessiveAmountsOfZombies
Bump mysql-connector-java to 8.0.23 (Fixes PaperMC#5473) (PaperMC#5474)
0b4ea86
@resi23 resi23 mentioned this pull request Apr 12, 2021
Closed
@Codeloper Codeloper mentioned this pull request Apr 12, 2021
Closed
@Brokkonaut Brokkonaut mentioned this pull request Apr 13, 2021
Closed
@RoinujNosde RoinujNosde mentioned this pull request Apr 13, 2021
Merged
@SmallSansSerif SmallSansSerif mentioned this pull request Apr 14, 2021
Open
1 task
@pavog pavog mentioned this pull request Apr 15, 2021
Closed
@TheDGOfficial TheDGOfficial mentioned this pull request May 6, 2021
Open
@lerokko lerokko mentioned this pull request Jun 11, 2021
Closed
@James-P-Bennett James-P-Bennett mentioned this pull request Sep 18, 2021
Closed
3 tasks
@Skizzles Skizzles mentioned this pull request Nov 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@electronicboy electronicboy electronicboy approved these changes

@yannicklamprecht yannicklamprecht yannicklamprecht approved these changes

@Proximyst Proximyst Proximyst approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Titaniumtown @electronicboy @yannicklamprecht @Proximyst