[AIRFLOW-XXX] Fix CVE-2019-11358 #5197

Merged: 1 commit, Apr 28, 2019

@feng-tao (Member) commented Apr 28, 2019

Fix CVE-2019-11358 for jquery CVE issue.

CVE-2019-11358
moderate severity
Vulnerable versions: < 3.4.0
Patched version: 3.4.0
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
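
The merge behaviour the advisory describes, as an added example that is not part of the original pull request and is not jQuery's source. `deepExtend`, `runMerge` and the sample JSON are constructed for illustration; the block shows a simplified recursive merge with and without a check that skips the `__proto__` key.

```javascript
// Added example: simplified recursive merge, not jQuery's source code.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// blockProto=false reproduces the flaw; blockProto=true is the hardened form.
function deepExtend(target, source, blockProto) {
  for (const key of Object.keys(source)) {
    if (blockProto && key === "__proto__") continue; // never merge into the prototype
    const src = source[key];
    if (isPlainObject(src)) {
      // With key "__proto__", target[key] resolves to Object.prototype, so the
      // recursive call writes the source's keys onto every object's prototype.
      const dst = isPlainObject(target[key]) ? target[key] : {};
      target[key] = deepExtend(dst, src, blockProto);
    } else if (src !== undefined) {
      target[key] = src;
    }
  }
  return target;
}

// Constructed input: JSON.parse creates "__proto__" as an own enumerable property,
// unlike an object literal, where it would set the prototype instead.
const SAMPLE = '{"theme": {"color": "blue"}, "__proto__": {"polluted": "yes"}}';

// Merges the sample, reports whether Object.prototype was modified, then cleans up.
function runMerge(blockProto) {
  const merged = deepExtend({}, JSON.parse(SAMPLE), blockProto);
  const unrelated = {};
  const result = {
    color: merged.theme.color,
    prototypePolluted: unrelated.polluted === "yes",
  };
  delete Object.prototype.polluted; // restore global state after the demonstration
  return result;
}

console.log("unsafe merge:", runMerge(false)); // prototypePolluted: true
console.log("hardened merge:", runMerge(true)); // prototypePolluted: false
```

Upgrading the bundled jQuery to the patched version is what this pull request does; a key check like the one above is only relevant to code that performs its own deep merges on untrusted input.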

@feng-tao
Member Author

cc @XD-DENG , @kaxil , @potiuk

@codecov-io

Codecov Report

Merging #5197 into master will increase coverage by 0.26%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #5197      +/-   ##
==========================================
+ Coverage   78.27%   78.54%   +0.26%     
==========================================
  Files         469      469              
  Lines       29896    29896              
==========================================
+ Hits        23402    23482      +80     
+ Misses       6494     6414      -80
Impacted Files Coverage Δ
airflow/models/taskinstance.py 92.42% <0%> (-0.18%) ⬇️
airflow/hooks/dbapi_hook.py 88.79% <0%> (+0.86%) ⬆️
airflow/models/connection.py 65.73% <0%> (+1.12%) ⬆️
airflow/hooks/hive_hooks.py 74.93% <0%> (+1.86%) ⬆️
airflow/utils/sqlalchemy.py 80.95% <0%> (+4.76%) ⬆️
airflow/operators/mysql_operator.py 100% <0%> (+100%) ⬆️
airflow/operators/mysql_to_hive.py 100% <0%> (+100%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update df18b02...b9beb58. Read the comment docs.

@XD-DENG XD-DENG merged commit 05cc636 into apache:master Apr 28, 2019
@XD-DENG
Member

XD-DENG commented Apr 28, 2019

Thanks @feng-tao !

@feng-tao
Member Author

thanks @XD-DENG :)

@feng-tao feng-tao deleted the tfeng_fix_cve branch April 28, 2019 06:11
ashb pushed a commit that referenced this pull request Jun 7, 2019
(cherry picked from commit 05cc636)
andriisoldatenko pushed a commit to andriisoldatenko/airflow that referenced this pull request Jul 26, 2019
wmorris75 pushed a commit to modmed/incubator-airflow that referenced this pull request Jul 29, 2019
dharamsk pushed a commit to postmates/airflow that referenced this pull request Aug 8, 2019