
Fix CVEs in 3.16. #46

Merged (9 commits), Jan 30, 2024

Conversation

denniscodes (Contributor)

Pull Request type

  • [ ] Bugfix
  • [ ] Feature
  • [ ] Refactoring (no functional changes, no api changes)
  • [ ] Build related changes
  • [ ] WHOSUSING.md
  • [x] Other (please describe):
    Update dependencies to remove CVEs that were flagged in the build.

NOTE: Please remember to run ./gradlew spotlessApply to fix any format violations.

Changes in this PR

Updated ES7 to 7.17.16, Spring Boot to 3.2.1 and AWS SDK to 1.2.635; Docker image to alpine 3.19. Fixed tests.

Describe the new behavior from this PR, and why it's needed
Issue #

Alternatives considered

Describe alternative implementation you have considered

@denniscodes (Contributor, Author)

Do I need to do anything else for this PR?

@v1r3n (Collaborator) commented Jan 30, 2024

> Do I need to do anything else for this PR?

No we are good. Should be merged soon and be part of the release.

@v1r3n v1r3n merged commit ac00735 into conductor-oss:main Jan 30, 2024
2 checks passed
@denniscodes denniscodes deleted the fix-3-16-cves branch March 6, 2024 15:50
ognjenkatic added a commit to codaxy/conductor that referenced this pull request Jun 11, 2024
* Update README.md

* Fix CVEs in 3.16. (conductor-oss#46)

* Upgraded ES7 to 7.17.16, alpine to 3.19

* Update ElasticSearch to 7.17.16, some sdk tests are failing.

* Server would not run, StackOverflow - 54742540 had this handy fix.

* Use the new image in test container.

* Update Spring Boot to 3.2.1. One failing test in end to end.

* Handle the change in exceptions from Spring Framework.

* Update AWS SDK for CVE fix.

* Replace generic import with specific class.

* Removed dependencies.lock file from projects. No longer used.

* prevents orkes-queues from pulling in old version of conductor (conductor-oss#55)

* Documentation link update in Readme (conductor-oss#54)

* Update README.md

* Revert "Update README.md"

This reverts commit fe16da9.

* Update README.md

* Change dependency group,version (conductor-oss#48)

* Remove unnecessary Autowired from Constructors (conductor-oss#36)

* Remove unnecessary Autowired from Constructors

* Add @Autowired back to property classes

---------

Co-authored-by: tiffany jernigan <gh@tiffanyfay.dev>

* upgrade from gradle 7.6.2 to gradle 8.5 (conductor-oss#28)

* Fix redundant taskDef in DB (conductor-oss#17)

* Add imports file that define auto configure classes supported by spring-boot 2.7 (conductor-oss#60)

* update the workflow template

* fixes

* Update README.md

* Left menu URL fix for docs site (conductor-oss#77)

Update mkdocs.yml by @RizaFarheen

* Update source.md (conductor-oss#75)

changed excuted -> executed

* Update README.md (conductor-oss#72)

againt -> against

* Optimise the postgres queries for popping messages (conductor-oss#76)

* Feature - use environment variable to set ES6 support mode for Nashorn script evaluator (conductor-oss#88)

Use environment variable CONDUCTOR_NASHORN_ES6_ENABLED=true to set ES6 support mode for Nashorn script evaluator.

* Fix an issue with the postgres indices as they weren't being used properly (conductor-oss#92)

* Upgrade the postgres lib to prevent CVE-2024-1597 (conductor-oss#94)

* Enable finer-grained control over the postgres indexing and searching (conductor-oss#93)

* Enable the searching of the JSON field in Postgres to be configured

* Enable the indexing of tasks to be enabled / disabled

* Implement removeWorkflow for postgres index

* Enable the migration to run without always recreating an index (conductor-oss#98)

* Feature: Use TaskStatusListener.onTaskInProgress() (conductor-oss#58)

* apply task-task-status-listener

* fix test error

* prevent NPE

* Fix SpringBoot imports file location error (conductor-oss#89)

* Implementation of Postgres PollDataDAO with read and write caching (conductor-oss#82)

* Initial implementation of an experimental queue optimisation using Postgres LISTEN/NOTIFY (conductor-oss#87)

* Initial implementation of an experimental queue optimisation using Postgres LISTEN/NOTIFY

* Use Optional instead of returning null for getSize()

* Update connection method for queue listener to make it more thread safe

* Only apply the queue notify migrations if configured

* Update the postgres docs with all configurable properties (conductor-oss#99)

* Fix ElasticSearch health check failure when ES sets password (conductor-oss#59)

* Add option to only index workflows on Postgres when their status changes (conductor-oss#83)

* Implement postgres lock DAO

* add postgres locking mention in docs

* rename locking db migration

* refactor query - the pg now() function is already UTC

* fix test

* fix pg query

* simplify query

* Adding redis username support for clusters (conductor-oss#105)

Co-authored-by: Anup Chatterjee <chatterjeean@vmware.com>

* fix tests

* timeunit ms

* Update README.md

* Workflow and task status notifier

Co-authored-by: ToastedTaco <lambij10@gmail.com>
Co-authored-by: BabyBlue0214 <camdenlanier@gmail.com>
Co-authored-by: Elijah Spicer <eli.sushi.spicer@gmail.com>

* Fix PostgresIndexQueryBuilder null pointer exception (conductor-oss#116)

* Throw IllegalArgumentException when query string does not match regex

* Unit test for exception

* Update README.md (conductor-oss#113)

* Add a migration to relax the size constraint on task_index columns (conductor-oss#114)

* Fix of exception handler trying to write response to a disconnected client (conductor-oss#109)

Why:
On Conductor server side, an exception gets raised
`Failure in @ExceptionHandler com.netflix.conductor.rest.controllers.ApplicationExceptionMapper#handleAll(HttpServletRequest, Throwable)`.
Cause is attempting to write while the client aborted the connection
`org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe`

What:
Added a ClientAbortException handler.

Testing done: Local run. Not trivial to emulate the issue in a test.
Such a test may rely on timing out the client before server responded.

Signed-off-by: Iva Avramova <ikoleva@vmware.com>

* Workflow bulk deletion API and action module options (conductor-oss#110)

* Initial commit to add bulk workflow deletion

* Added an API endpoint for bulk deletion

* Add archiveworkflow param

* Added bulk delete action to BulkActionModule

* Added archive option to bulk delete

* Addition of terminateRemove() Functions (conductor-oss#9)

* Added an API endpoint for bulk deletion

* Fixed WorkflowBulkServiceTest, added test cases for deleteWorkflow an… (conductor-oss#10)

* Fixed WorkflowBulkServiceTest, added test cases for deleteWorkflow and terminateRemove, and added WorkflowResourceTest test for single terminateRemove

* pass spotlessjava

---------

Co-authored-by: JeffP <jeffp@jeffpham.com>

---------

Co-authored-by: jeffp1 <jeffp@jeffpham.com>
Co-authored-by: Ayush Thengne <ayushthengne@ayushs-macbook-pro.local>
Co-authored-by: Jeff P <28172529+JeffP07@users.noreply.github.com>
Co-authored-by: Doe1111 <106997600+Doe1111@users.noreply.github.com>

* revert WorkflowDef changes

* Join task fixes (conductor-oss#117)

* fix join completing with errors when a task has failed or some tasks are not terminal yet

* add more tests

* add more comments to join routine

* mark join task synchronous

* Revert unrelated changes

* Status Notifier Properties Cleanup

* fix tests

* fix formatting

* update the tests for the JOIN task fix

* Fix the name of the task index migration

* Update README.md

* Fix of exception handler trying to write response to a disconnected client

Why:
On Conductor server side, an exception gets raised
`Failure in @ExceptionHandler com.netflix.conductor.rest.controllers.ApplicationExceptionMapper#handleAll(HttpServletRequest, Throwable)`.
Cause is attempting to write while the client aborted the connection
`org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe`, while the exception was wrapped in `ClosedChannelException`.

What:
Added a ClosedChannelException handler for such exceptions root caused by
ClientAbortException.

Testing done: Local run. Not trivial to emulate the issue in a test.
Such a test may rely on timing out the client before server responded.

Signed-off-by: Iva Avramova <ikoleva@vmware.com>

* Fix of exception handler trying to write response to a disconnected client

Why:
On Conductor server side, an exception gets raised
`Failure in @ExceptionHandler com.netflix.conductor.rest.controllers.ApplicationExceptionMapper#handleAll(HttpServletRequest, Throwable)`.
Cause is attempting to write while the client aborted the connection
`org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe`, while the exception was nested in `ClosedChannelException`.

What:
Added a ClosedChannelException handler for exception chain containing
ClientAbortException.

Testing done: Local run. Not trivial to emulate the issue in a test.
Such a test may rely on timing out the client before server responded.

Signed-off-by: Iva Avramova <ikoleva@vmware.com>

* fix: Fix error with headers in webhook

* Added logic to remove stale iteration outputs based on keepLastN parameter

* Remove unused code block

* Remove unused code block

* Fixed formatting issues

* Updating DoWhileTask keepLastN iteration endIndex

* style: Fix style

* added tests; generalized the exception

Signed-off-by: Iva Avramova <ikoleva@vmware.com>

* added tests; generalized the exception

Signed-off-by: Iva Avramova <ikoleva@vmware.com>

* Why:
Ignoring a particular exception based on its stack trace
should be rather an alerting concern.

What:
Reverted ClientAbortedException specific handler.
Added test coverage for the existing exception handler.

Testing done: local run

Signed-off-by: Iva Avramova <ikoleva@vmware.com>

* Update README.md

* if status-listener error, task not executed

* change the point of cancellation

* Wrap PGExecutionDAO createTasks in a single transaction

* publish roadmap

* add link to the roadmap

* Create codacy.yml

* Delete .github/workflows/codacy.yml

* Bump io.micrometer:micrometer-registry-datadog from 1.12.1 to 1.13.0

Bumps [io.micrometer:micrometer-registry-datadog](https://github.com/micrometer-metrics/micrometer) from 1.12.1 to 1.13.0.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](micrometer-metrics/micrometer@v1.12.1...v1.13.0)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-registry-datadog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix for concurrentExecLimit

* Bump com.diffplug.spotless from 5.0.0 to 6.25.0

Bumps com.diffplug.spotless from 5.0.0 to 6.25.0.

---
updated-dependencies:
- dependency-name: com.diffplug.spotless
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

---------

Signed-off-by: Iva Avramova <ikoleva@vmware.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Viren Baraiya <virenx@gmail.com>
Co-authored-by: Dennis Caldwell <dcaldwell@callibrity.com>
Co-authored-by: Brian Hawkins <brianhks1@gmail.com>
Co-authored-by: Riza Farheen <82656175+RizaFarheen@users.noreply.github.com>
Co-authored-by: Hoony <68694844+ghkdwlgns612@users.noreply.github.com>
Co-authored-by: tiffany jernigan <tiffany.f.j@gmail.com>
Co-authored-by: tiffany jernigan <gh@tiffanyfay.dev>
Co-authored-by: HOA PHAN <s50600822@gmail.com>
Co-authored-by: Richard Meng <meggarr@users.noreply.github.com>
Co-authored-by: Young-Zen <40934357+Young-Zen@users.noreply.github.com>
Co-authored-by: Kunal Kumar <kunaldevspro@gmail.com>
Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com>
Co-authored-by: Ben Pirt <ben@pirt.co.uk>
Co-authored-by: Vasiliy Pankov <c4lm@users.noreply.github.com>
Co-authored-by: Boney <boneysekh@gmail.com>
Co-authored-by: Bert Verstraete <bertverstraete22@gmail.com>
Co-authored-by: Anup Chatterjee <anup.chat@gmail.com>
Co-authored-by: Anup Chatterjee <chatterjeean@vmware.com>
Co-authored-by: CollinDewey <collin@dewey.net>
Co-authored-by: ToastedTaco <lambij10@gmail.com>
Co-authored-by: BabyBlue0214 <camdenlanier@gmail.com>
Co-authored-by: Elijah Spicer <eli.sushi.spicer@gmail.com>
Co-authored-by: omadaan <165099174+omadaan@users.noreply.github.com>
Co-authored-by: ivakoleva <ikoleva@vmware.com>
Co-authored-by: Olivia Bailey <78293238+olibaim@users.noreply.github.com>
Co-authored-by: jeffp1 <jeffp@jeffpham.com>
Co-authored-by: Ayush Thengne <ayushthengne@ayushs-macbook-pro.local>
Co-authored-by: Jeff P <28172529+JeffP07@users.noreply.github.com>
Co-authored-by: Doe1111 <106997600+Doe1111@users.noreply.github.com>
Co-authored-by: Juan Cruz <juancruzmencia@gmail.com>
Co-authored-by: Srihari Malagi <sriharimalagi@Sriharis-MacBook-Pro.local>
Co-authored-by: Srihari K. Malagi <sriharimalagi@gmail.com>
Co-authored-by: Martini <110882768+martini612@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: manan164 <1897158+manan164@users.noreply.github.com>
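The commit messages above describe two approaches to the "Broken pipe" case: first a dedicated handler that looked for `ClientAbortException` nested inside a `ClosedChannelException`, then a revert on the grounds that deciding to ignore an exception by inspecting its stack trace is better treated as an alerting concern. The following is an added example, not code from the Conductor project or its contributors, showing the cause-chain walk the earlier commits relied on and the defender-side alternative the revert argues for: classify the exception by its cause chain, record it, and keep it visible rather than suppress it. The `ConnectionAbortMetrics` interface, the `classify` method and the sample nested exception in `main` are all assumptions constructed for this example; `org.apache.catalina.connector.ClientAbortException` is referenced by class name only so the snippet compiles without Tomcat on the classpath.

```java
import java.io.IOException;
import java.nio.channels.ClosedChannelException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public final class CauseChainExample {

    // Hypothetical metrics hook (assumption); a real deployment would wire this to
    // its metrics registry so client aborts are counted and alertable, not dropped.
    public interface ConnectionAbortMetrics {
        void recordClientAbort(String rootCauseClass);
    }

    private CauseChainExample() {}

    /**
     * Walks t, t.getCause(), ... and returns true if any element's class name equals
     * fqcn. The identity set guards against cause cycles, which some libraries create.
     */
    public static boolean isCausedByClassName(Throwable t, String fqcn) {
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        for (Throwable cur = t; cur != null && seen.add(cur); cur = cur.getCause()) {
            if (fqcn.equals(cur.getClass().getName())) {
                return true;
            }
        }
        return false;
    }

    /** Returns the innermost throwable in the chain (again cycle-safe). */
    public static Throwable rootCause(Throwable t) {
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        Throwable cur = t;
        while (cur.getCause() != null && seen.add(cur)) {
            cur = cur.getCause();
        }
        return cur;
    }

    /**
     * Classifies an exception reaching a catch-all handler. A client abort wrapped in
     * ClosedChannelException is recorded as a metric and reported at a lower severity,
     * but it is never silently discarded: the caller still gets a label it can log.
     */
    public static String classify(Throwable t, ConnectionAbortMetrics metrics) {
        String clientAbort = "org.apache.catalina.connector.ClientAbortException";
        if (t instanceof ClosedChannelException && isCausedByClassName(t, clientAbort)) {
            metrics.recordClientAbort(rootCause(t).getClass().getName());
            return "CLIENT_ABORT";
        }
        return "UNEXPECTED";
    }

    public static void main(String[] args) {
        // Constructed sample: the nesting the commit messages describe, but with a
        // plain IOException standing in for the Tomcat class, so classify() reports
        // UNEXPECTED here; with the real ClientAbortException it would report CLIENT_ABORT.
        ClosedChannelException wrapped = new ClosedChannelException();
        wrapped.initCause(new IOException("Broken pipe"));

        String label = classify(wrapped, root -> System.out.println("metric: client_abort root=" + root));
        System.out.println("classified as " + label);
    }
}
```

The point of `classify` returning a label instead of swallowing the exception is exactly the concern raised in the reverting commit: the handler still decides how loudly to report, but the event remains countable and alertable, so a sudden rise in client aborts (a slow endpoint, or clients timing out under load) stays visible to operators.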