Skip to content

[fix][sec] Upgrade org.bouncycastle:bc-fips to 1.0.2.3#18562

Merged
tisonkun merged 1 commit intoapache:masterfrom
tisonkun:CVE-2020-15522
Nov 22, 2022
Merged

[fix][sec] Upgrade org.bouncycastle:bc-fips to 1.0.2.3#18562
tisonkun merged 1 commit intoapache:masterfrom
tisonkun:CVE-2020-15522

Conversation

@tisonkun
Copy link
Member

@tisonkun tisonkun commented Nov 22, 2022
edited
Loading

This supersedes #18558 and fixes CVE-2020-15522. Co-authored by @pen4.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository:

@tisonkun @pen4
[fix][sec] Upgrade org.bouncycastle:bc-fips to 1.0.2.3
a957960 
Signed-off-by: tison <wander4096@gmail.com>
Co-Authored-by: pen4 <sgi_kangxd@126.com>
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot added the doc Your PR contains doc changes, no matter whether the changes are in markdown or code files. label Nov 22, 2022
@tisonkun
Copy link
Member Author

tisonkun commented Nov 22, 2022

/pulsarbot run-failure-checks

@codecov-commenter
Copy link

codecov-commenter commented Nov 22, 2022
edited
Loading

Codecov Report

Merging #18562 (a957960) into master (be1d07e) will increase coverage by 10.51%.
The diff coverage is n/a.

Impacted file tree graph

@@              Coverage Diff              @@
##             master   #18562       +/-   ##
=============================================
+ Coverage     36.82%   47.33%   +10.51%     
- Complexity     7842    10463     +2621     
=============================================
  Files           698      698               
  Lines         68060    68060               
  Branches       7277     7277               
=============================================
+ Hits          25062    32216     +7154     
+ Misses        39675    32263     -7412     
- Partials       3323     3581      +258
Flag Coverage Δ
unittests 47.33% <ø> (+10.51%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...apache/pulsar/broker/service/TopicListService.java 42.62% <0.00%> (-12.30%) ⬇️
...tent/NonPersistentDispatcherMultipleConsumers.java 40.74% <0.00%> (-7.41%) ⬇️
...roker/service/persistent/MessageDeduplication.java 50.21% <0.00%> (-4.37%) ⬇️
...g/apache/pulsar/client/impl/ConnectionHandler.java 50.00% <0.00%> (-3.20%) ⬇️
...va/org/apache/pulsar/client/impl/HandlerState.java 67.56% <0.00%> (-2.71%) ⬇️
...ervice/AbstractDispatcherSingleActiveConsumer.java 69.15% <0.00%> (-1.87%) ⬇️
...apache/pulsar/proxy/server/LookupProxyHandler.java 57.75% <0.00%> (-1.73%) ⬇️
...pulsar/broker/service/PulsarCommandSenderImpl.java 76.92% <0.00%> (-1.54%) ⬇️
.../org/apache/pulsar/client/impl/ConnectionPool.java 37.43% <0.00%> (-1.03%) ⬇️
...va/org/apache/pulsar/broker/service/ServerCnx.java 48.74% <0.00%> (-0.35%) ⬇️
... and 119 more

@tisonkun
Copy link
Member Author

tisonkun commented Nov 22, 2022

@nicoloboschi Thanks for your review! Merging...

@tisonkun tisonkun merged commit 5df8b50 into apache:master Nov 22, 2022
@tisonkun tisonkun deleted the CVE-2020-15522 branch November 22, 2022 06:56
lifepuzzlefun pushed a commit to lifepuzzlefun/pulsar that referenced this pull request Dec 9, 2022
@tisonkun @pen4 @lifepuzzlefun
[fix][sec] Upgrade org.bouncycastle:bc-fips to 1.0.2.3 (apache#18562)
5daf521 
Signed-off-by: tison <wander4096@gmail.com>
Co-authored-by: pen4 <sgi_kangxd@126.com>
lifepuzzlefun pushed a commit to lifepuzzlefun/pulsar that referenced this pull request Jan 10, 2023
@tisonkun @pen4 @lifepuzzlefun
[fix][sec] Upgrade org.bouncycastle:bc-fips to 1.0.2.3 (apache#18562)
67bf814 
Signed-off-by: tison <wander4096@gmail.com>
Co-authored-by: pen4 <sgi_kangxd@126.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicoloboschi nicoloboschi nicoloboschi approved these changes

@lhotari lhotari Awaiting requested review from lhotari

@nodece nodece Awaiting requested review from nodece

Assignees

No one assigned

Labels

doc Your PR contains doc changes, no matter whether the changes are in markdown or code files. ready-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tisonkun @codecov-commenter @nicoloboschi