Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Upgrade commons-codec to 1.15 #10864

Merged
merged 1 commit into from
Jun 21, 2021
Merged

[Security] Upgrade commons-codec to 1.15 #10864

merged 1 commit into from
Jun 21, 2021

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Jun 9, 2021
edited
Loading

Motivation

Sonatype IQ vulnerability scanning flags commons-codec 1.11 as vulnerable.
It references the security fixes https://issues.apache.org/jira/browse/CODEC-134 (in 1.13) and https://issues.apache.org/jira/browse/CODEC-270 (in 1.14).

Modifications

Upgrade commons-codec to 1.15

@lhotari lhotari self-assigned this Jun 9, 2021
@lhotari lhotari added this to the 2.9.0 milestone Jun 9, 2021
@lhotari lhotari requested a review from aahmed-se June 9, 2021 08:13
@lhotari lhotari merged commit 2925dc1 into apache:master Jun 21, 2021
yangl pushed a commit to yangl/pulsar that referenced this pull request Jun 23, 2021
@lhotari @yangl
[Security] Upgrade commons-codec to 1.15 (apache#10864)
632f0b3 
- contains security fix https://issues.apache.org/jira/browse/CODEC-270
  (since commons-codec 1.14)
codelipenghui pushed a commit that referenced this pull request Jun 25, 2021
@lhotari @codelipenghui
[Security] Upgrade commons-codec to 1.15 (#10864)
1a2f820 
- contains security fix https://issues.apache.org/jira/browse/CODEC-270
  (since commons-codec 1.14)

(cherry picked from commit 2925dc1)
@codelipenghui codelipenghui added the cherry-picked/branch-2.8 Archived: 2.8 is end of life label Jun 25, 2021
bharanic-dev pushed a commit to bharanic-dev/pulsar that referenced this pull request Mar 18, 2022
@lhotari @ciaocloud
[Security] Upgrade commons-codec to 1.15 (apache#10864)
16bd496 
- contains security fix https://issues.apache.org/jira/browse/CODEC-270
  (since commons-codec 1.14)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sijie sijie sijie approved these changes

@codelipenghui codelipenghui Awaiting requested review from codelipenghui

@merlimat merlimat Awaiting requested review from merlimat

@eolivelli eolivelli Awaiting requested review from eolivelli

@aahmed-se aahmed-se Awaiting requested review from aahmed-se

Assignees

@lhotari lhotari

Labels
area/security cherry-picked/branch-2.8 Archived: 2.8 is end of life release/2.8.1
Projects
None yet
Milestone
2.9.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lhotari @sijie @codelipenghui