Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Apache Commons Text to 1.10.0 #4542

Merged
merged 2 commits into from
Oct 19, 2022
Merged

Upgrade Apache Commons Text to 1.10.0 #4542

merged 2 commits into from
Oct 19, 2022

Conversation

daniellehrner
Copy link
Contributor

Signed-off-by: Daniel Lehrner daniel.lehrner@consensys.net

Upgrades Apache Commons Text to 1.10.0 to fix CVE-2022-42889

Documentation

  • I thought about documentation and added the doc-change-required label to this PR if
    updates are required.

Changelog

fab-10
fab-10 approved these changes Oct 19, 2022
View reviewed changes
Copy link
Contributor

@fab-10 fab-10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just add a CHANGELOG entry

fab-10
fab-10 approved these changes Oct 19, 2022
View reviewed changes
Copy link
Contributor

@fab-10 fab-10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just add a CHANGELOG entry

@garyschulte garyschulte force-pushed the upgrade_apache_commons_text_1.10.0 branch from a0e3941 to c9513ed Compare October 19, 2022 10:23
daniellehrner and others added 2 commits October 19, 2022 12:30
@daniellehrner @garyschulte
upgraded Apache Commons Text to fix CVE-2022-42889
59c3ba8 
Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
@garyschulte
add changelog
e38acf7 
Signed-off-by: garyschulte <garyschulte@gmail.com>
@garyschulte garyschulte force-pushed the upgrade_apache_commons_text_1.10.0 branch from c9513ed to e38acf7 Compare October 19, 2022 10:30
@macfarla macfarla enabled auto-merge (squash) October 19, 2022 10:31
@macfarla macfarla merged commit e0b31e9 into hyperledger:main Oct 19, 2022
fab-10 pushed a commit to fab-10/besu that referenced this pull request Oct 19, 2022
@daniellehrner @garyschulte @fab-10
Upgrade Apache Commons Text to 1.10.0 (hyperledger#4542)
91511fa 
* upgraded Apache Commons Text to fix CVE-2022-42889

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>

* add changelog

Signed-off-by: garyschulte <garyschulte@gmail.com>

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Signed-off-by: garyschulte <garyschulte@gmail.com>
Co-authored-by: garyschulte <garyschulte@gmail.com>
fab-10 added a commit that referenced this pull request Oct 19, 2022
@fab-10 @gezero
@ahamlat @daniellehrner @garyschulte @shemnon @jflo
Release 22.7.7 (#4545)
fdb7e91 
* The block variable was keeping too much memory while waiting for future to finish (#4489)

Signed-off-by: Jiri Peinlich <jiri.peinlich@gmail.com>

* Reduce the number of runtime exceptions (SecurityModuleException) (#4508)

* During handshake, flip the encrypted message decryption by starting with the new format (EIP-8), and if there is an exception, try the old format. This will reduce the number of exceptions and unnecessary executions.

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

* update CHANGELOG.md to give more context on this PR.

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

* update CHANGELOG.md to give more context on this PR.

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

* Delete some debug code committed by error

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>

Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>
Signed-off-by: ahamlat <ameziane.hamlat@consensys.net>

* Upgrade Apache Commons Text to 1.10.0 (#4542)

* upgraded Apache Commons Text to fix CVE-2022-42889

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>

* add changelog

Signed-off-by: garyschulte <garyschulte@gmail.com>

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Signed-off-by: garyschulte <garyschulte@gmail.com>
Co-authored-by: garyschulte <garyschulte@gmail.com>

* Tune EthScheduler thread pools to avoid to recreate too many threads (#4529)

Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>

* Make GraphQL scalar parsing compatible with variables (#4522)

Our current GraphQL scalar parsing interacts poorly with the variables
support in the library.  Revise the parsing so it works correctly.

Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>

* don't add to bad blocks manager on StorageException (#4524)

* don't add to bad blocks manager on StorageException
* add bugfix to changelog
* adds test coverage

Signed-off-by: Justin Florentine <justin+github@florentine.us>

* CHANGELOG for 22.7.7

Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>

* Release 22.7.7

Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>

Signed-off-by: Jiri Peinlich <jiri.peinlich@gmail.com>
Signed-off-by: Ameziane H <ameziane.hamlat@consensys.net>
Signed-off-by: ahamlat <ameziane.hamlat@consensys.net>
Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Signed-off-by: garyschulte <garyschulte@gmail.com>
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Signed-off-by: Justin Florentine <justin+github@florentine.us>
Co-authored-by: Jiri Peinlich <jiri.peinlich@gmail.com>
Co-authored-by: ahamlat <ameziane.hamlat@consensys.net>
Co-authored-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Co-authored-by: garyschulte <garyschulte@gmail.com>
Co-authored-by: Danno Ferrin <danno.ferrin@gmail.com>
Co-authored-by: Justin Florentine <justin+github@florentine.us>
macfarla pushed a commit to jflo/besu that referenced this pull request Jan 10, 2023
@daniellehrner @garyschulte @macfarla
Upgrade Apache Commons Text to 1.10.0 (hyperledger#4542)
c8caed6 
* upgraded Apache Commons Text to fix CVE-2022-42889

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>

* add changelog

Signed-off-by: garyschulte <garyschulte@gmail.com>

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Signed-off-by: garyschulte <garyschulte@gmail.com>
Co-authored-by: garyschulte <garyschulte@gmail.com>
Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com>
eum602 pushed a commit to lacchain/besu that referenced this pull request Nov 3, 2023
@daniellehrner @garyschulte @eum602
Upgrade Apache Commons Text to 1.10.0 (hyperledger#4542)
e015403 
* upgraded Apache Commons Text to fix CVE-2022-42889

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>

* add changelog

Signed-off-by: garyschulte <garyschulte@gmail.com>

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Signed-off-by: garyschulte <garyschulte@gmail.com>
Co-authored-by: garyschulte <garyschulte@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fab-10 fab-10 fab-10 approved these changes

Assignees
No one assigned
Labels
mainnet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@daniellehrner @fab-10 @macfarla @garyschulte