New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KAFKA-16210: Update jose4j to 0.9.4 #15284
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion, when upgrading dependencies, please add the diff of the changes and explanation on why the upgrade is backward compatible etc.
In this case https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes is the release notes for this dependency.
Seems like we are adding a constraint to limit (to a reasonable default) the computational resource that this algorithm can use. Sounds fair to me.
the CI tests that are failing are unrelated since they don't use SASL (which is impacted by this dependency) |
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
backported to 3.7 |
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com> Co-authored-by: Mike Lloyd <49411532+mike-lloyd03@users.noreply.github.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com> Co-authored-by: Mike Lloyd <49411532+mike-lloyd03@users.noreply.github.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com> Co-authored-by: Mike Lloyd <49411532+mike-lloyd03@users.noreply.github.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com> Co-authored-by: Mike Lloyd <49411532+mike-lloyd03@users.noreply.github.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com> Co-authored-by: Mike Lloyd <49411532+mike-lloyd03@users.noreply.github.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com> Co-authored-by: Mike Lloyd <49411532+mike-lloyd03@users.noreply.github.com>
Co-authored-by: Mike Lloyd <mike.lloyd@teradata.com> Reviewers: Divij Vaidya <diviv@amazon.com>
Committer Checklist (excluded from commit message)
org.bitbucket.b_c:jose4j
0.9.3 is susceptible to Denial of Service per CVE-2023-51775.This PR updates
kafka
to use 0.9.4.Thank you