security: fix some security vulnerabilities #4650

Merged
merged 7 commits into from Jun 5, 2022

slievrly
Member

@slievrly slievrly commented May 28, 2022

Signed-off-by: slievrly slievrly@163.com

  • I have registered the PR changes.

Ⅰ. Describe what this PR did

fix some security vulnerabilities

https://github.com/alibaba/fastjson/releases/tag/1.2.83

CVE-2022-22965
https://avd.aliyun.com/detail?spm=gondor.gondorBizOwner.0.0.38713fefX9aGD8&id=AVD-2022-1124599

Ⅱ. Does this pull request fix one issue?

Ⅲ. Why don't you add test cases (unit test/integration test)?

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

Signed-off-by: slievrly <slievrly@163.com>
Contributor

@funky-eyes funky-eyes left a comment

LGTM. How about changing the version number: is it 1.5.2-SNAPSHOT or 2.0.0-SNAPSHOT?

@codecov-commenter

codecov-commenter commented Jun 5, 2022

Codecov Report

Merging #4650 (0046870) into develop (959bd90) will decrease coverage by 0.58%.
The diff coverage is n/a.

@@              Coverage Diff              @@
##             develop    #4650      +/-   ##
=============================================
- Coverage      49.03%   48.44%   -0.59%     
+ Complexity      4056     4022      -34     
=============================================
  Files            734      734              
  Lines          25577    25577              
  Branches        3156     3156              
=============================================
- Hits           12542    12392     -150     
- Misses         11699    11851     +152     
+ Partials        1336     1334       -2     

| Impacted Files | Coverage Δ |
|---|---|
| ...java/io/seata/server/metrics/MeterIdConstants.java | 0.00% <0.00%> (-100.00%) ⬇️ |
| ...va/io/seata/server/console/vo/GlobalSessionVO.java | 22.05% <0.00%> (-33.83%) ⬇️ |
| ...ava/io/seata/server/metrics/MetricsSubscriber.java | 14.78% <0.00%> (-14.79%) ⬇️ |
| ...java/io/seata/server/storage/SessionConverter.java | 80.00% <0.00%> (-9.10%) ⬇️ |
| .../java/io/seata/server/coordinator/DefaultCore.java | 45.78% <0.00%> (-4.82%) ⬇️ |
| ...o/seata/server/coordinator/DefaultCoordinator.java | 44.48% <0.00%> (-4.49%) ⬇️ |
| ...rage/redis/store/RedisTransactionStoreManager.java | 63.87% <0.00%> (-3.76%) ⬇️ |
| ...in/java/io/seata/server/session/GlobalSession.java | 80.62% <0.00%> (-1.56%) ⬇️ |
| ...io/seata/core/rpc/netty/AbstractNettyRemoting.java | 12.98% <0.00%> (-1.30%) ⬇️ |
| ...tasource/sql/struct/cache/MysqlTableMetaCache.java | 78.88% <0.00%> (-1.12%) ⬇️ |
| ... and 4 more | |

Signed-off-by: slievrly <slievrly@163.com>
Signed-off-by: slievrly <slievrly@163.com>
Signed-off-by: slievrly <slievrly@163.com>
@slievrly slievrly merged commit 8ac7503 into apache:develop Jun 5, 2022
@slievrly slievrly deleted the develop_22_05_28 branch June 5, 2022 18:11
liuqiufeng pushed a commit to liuqiufeng/seata that referenced this pull request Jun 11, 2022
@slievrly slievrly added this to the 1.5.2 milestone Jun 16, 2022