Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jclouds to 2.3.0 to fix security vulnerabilities #10149

Merged
merged 5 commits into from
Apr 18, 2021
Merged

Upgrade jclouds to 2.3.0 to fix security vulnerabilities #10149

merged 5 commits into from
Apr 18, 2021

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Apr 6, 2021
edited
Loading

Motivation

Currently jclouds uses Guava 18 which contains vulnerabilities CVE-2020-8908 and CVE-2018-10237 .

Modifications

  • Upgrade jclouds version to 2.3.0 which supports newer Guava versions.
  • Use the Guava version managed in pom.xml (30.1-jre)
  • Upgrade javax.annotation:javax.annotation-api from 1.2 to 1.3.2
  • Add gson and javax:annotation-api to the shaded jclouds jar to fix classloading

@david-streamlio
Copy link
Contributor

LGTM

@merlimat merlimat added this to the 2.8.0 milestone Apr 6, 2021
michaeljmarshall
michaeljmarshall approved these changes Apr 7, 2021
View reviewed changes
Copy link
Member

@michaeljmarshall michaeljmarshall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eolivelli
Copy link
Contributor

/pulsarbot rerun-failure-checks

@lhotari lhotari marked this pull request as draft April 14, 2021 19:10
@lhotari
Copy link
Member Author

lhotari commented Apr 15, 2021

/pulsarbot run-failure-checks

2 similar comments
@lhotari
Copy link
Member Author

lhotari commented Apr 15, 2021

/pulsarbot run-failure-checks

@lhotari
Copy link
Member Author

lhotari commented Apr 15, 2021

/pulsarbot run-failure-checks

@lhotari lhotari marked this pull request as ready for review April 18, 2021 08:07
@lhotari
Copy link
Member Author

lhotari commented Apr 18, 2021

/pulsarbot run-failure-checks

1 similar comment
@lhotari
Copy link
Member Author

lhotari commented Apr 18, 2021

/pulsarbot run-failure-checks

@eolivelli eolivelli merged commit 756802d into apache:master Apr 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merlimat merlimat merlimat approved these changes

@sijie sijie sijie approved these changes

@michaeljmarshall michaeljmarshall michaeljmarshall approved these changes

Assignees

@lhotari lhotari

Labels
area/security
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@lhotari @david-streamlio @eolivelli @merlimat @sijie @michaeljmarshall