[security] pulsar-io-kafka: upgrade jakarta.el to 3.0.4 to get rid of CVE-2021-28170 #13943

Merged
merged 1 commit into from
Jan 31, 2022


nicoloboschi
Contributor

Motivation

org.glassfish:jakarta.el:3.0.3 is vulnerable to CVE-2021-28170.

Links:

Modifications

Forced 3.0.4 version in pulsar-io/kafka

Documentation

  • no-need-doc

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jan 25, 2022
@nicoloboschi
Contributor Author

/pulsarbot rerun-failure-checks

@dlg99
Contributor

dlg99 commented Jan 25, 2022

/pulsarbot rerun-failure-checks

@dlg99
Contributor

dlg99 commented Jan 25, 2022

/pulsarbot rerun-failure-checks

@nicoloboschi
Contributor Author

/pulsarbot rerun-failure-checks

@eolivelli eolivelli merged commit e7dca35 into apache:master Jan 31, 2022
@michaeljmarshall michaeljmarshall added this to the 2.10.0 milestone Jan 31, 2022
@michaeljmarshall
Member

@nicoloboschi - does this need to be cherry picked to older Pulsar versions? I can add labels, if so.

@nicoloboschi
Contributor Author

I don't think so. We upgraded a lot of other libraries these days but only in the master branch. Pulsar 2.10 will be cleaner than the current release branches.

Thanks for asking @michaeljmarshall

nicoloboschi added a commit to datastax/pulsar that referenced this pull request Feb 28, 2022
Labels
area/security doc-not-needed Your PR changes do not impact docs