ZOOKEEPER-4707: Upgrade snappy-java to address multiple CVEs #2014
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 tasks
|
@eolivelli Please review |
symat
requested changes
Jun 30, 2023
There was a problem hiding this comment.
Thank you @lhotari for your PR, this is very important for us, because we plan to release 3.8.2 and 3.9.0 soon.
Could you please also rename the related license file (see in https://github.com/apache/zookeeper/tree/master/zookeeper-server/src/main/resources/lib ) from snappy-java-1.1.9.1.jar_LICENSE.txt to snappy-java-1.1.10.1.jar_LICENSE.txt ?
If you can do the rename, I can approve and merge your PR to all active branches. Please let me know if you don't have the time, then I can create an other PR.
Thank you for your time and help!
|
@symat Thanks for the review. I renamed the license file. PTAL |
asfgit
pushed a commit
that referenced
this pull request
Jul 4, 2023
Address multiple CVEs: CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 (cherry picked from commit 4661437)
asfgit
pushed a commit
that referenced
this pull request
Jul 4, 2023
Address multiple CVEs: CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 (cherry picked from commit 4661437)
anurag-harness
pushed a commit
to anurag-harness/zookeeper
that referenced
this pull request
Aug 31, 2023
anurag-harness
added a commit
to anurag-harness/zookeeper
that referenced
this pull request
Aug 31, 2023
…2014) (#67) Address multiple CVEs: CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1 Co-authored-by: Lari Hotari <lhotari@users.noreply.github.com>
rahulrane50
pushed a commit
to rahulrane50/zookeeper
that referenced
this pull request
Sep 15, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Address multiple CVEs:
CVE-2023-34453
CVE-2023-34454
CVE-2023-34455
See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1