Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix][sec] Upgrade snappy-java to address multiple CVEs #20604

Merged
merged 1 commit into from Jun 20, 2023
Merged

[fix][sec] Upgrade snappy-java to address multiple CVEs #20604

merged 1 commit into from Jun 20, 2023

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Jun 19, 2023

Motivation

OWASP dependency check has detected multiple CVEs in snappy-java

Modifications

See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added this to the 3.1.0 milestone Jun 19, 2023
@lhotari lhotari self-assigned this Jun 19, 2023
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jun 19, 2023
@lhotari
Copy link
Member Author

lhotari commented Jun 19, 2023

I also created PRs to Zookeeper (apache/zookeeper#2014) and Bookkeeper (apache/bookkeeper#3993) to upgrade snappy-java to 1.1.10.1 .

@lhotari lhotari merged commit 62a99ed into apache:master Jun 20, 2023
42 of 44 checks passed
nicoloboschi pushed a commit to datastax/pulsar that referenced this pull request Jul 3, 2023
@lhotari @nicoloboschi
[fix][sec] Upgrade snappy-java to address multiple CVEs (apache#20604)
51585c2 
(cherry picked from commit 62a99ed)
nicoloboschi pushed a commit that referenced this pull request Jul 3, 2023
@lhotari @nicoloboschi
[fix][sec] Upgrade snappy-java to address multiple CVEs (#20604)
dc25810 
(cherry picked from commit 62a99ed)
nicoloboschi pushed a commit that referenced this pull request Jul 3, 2023
@lhotari @nicoloboschi
[fix][sec] Upgrade snappy-java to address multiple CVEs (#20604)
186fc9d 
(cherry picked from commit 62a99ed)
RobertIndie pushed a commit that referenced this pull request Jul 13, 2023
@lhotari @RobertIndie
[fix][sec] Upgrade snappy-java to address multiple CVEs (#20604)
0cd4bed 
(cherry picked from commit 62a99ed)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nodece nodece nodece approved these changes

@tisonkun tisonkun tisonkun approved these changes

@shoothzj shoothzj Awaiting requested review from shoothzj

@nicoloboschi nicoloboschi Awaiting requested review from nicoloboschi

Assignees

@lhotari lhotari

Labels
area/security cherry-picked/branch-2.10 cherry-picked/branch-2.11 cherry-picked/branch-3.0 doc-not-needed Your PR changes do not impact docs ready-to-test release/2.10.5 release/2.11.2 release/3.0.1
Projects
None yet
Milestone
3.1.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@lhotari @nodece @tisonkun @RobertIndie @nicoloboschi