Upgrade the CouchDB used to v3.3.3 as per CVE-2023-45725. #4595

Merged
merged 1 commit into from Jan 12, 2024

Conversation

benjsmi
Contributor

@benjsmi benjsmi commented Jan 5, 2024

Type of change

  • Improvement (improvement to code, performance, etc)

Description

Move to CouchDB v3.3.3. There's a security vulnerability with CouchDB v3.3.2. I think this only impacts the testing that happens to Fabric, but this PR is a good way to be sure.

Additional details

I have tested that CouchDB v3.3.3 is not majorly functionally different than CouchDB v3.3.2. (See its Release Notes). There have been no breaking API changes in v3.3.3, only bug fixes and security patches.

I would suggest backporting this to Fabric v2.5.x because it's only a CouchDB Patch.

Related issues

Tracked by #4594

@benjsmi benjsmi requested a review from a team as a code owner January 5, 2024 15:34
Tracked by #4594

Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
@benjsmi
Contributor Author

benjsmi commented Jan 5, 2024

If someone wants to look and/or help me... The tests are failing, but I'm about 98% certain that they aren't failing because of CouchDB. The problems appear to be in the blocksprovider, which is an internal fabric component.

@denyeart
Contributor

denyeart commented Jan 8, 2024

@tock-ibm High unit test failure rate recently, could you take a look?

2024-01-08T16:30:08.6643791Z --- FAIL: TestBFTDeliverer_BlockReception (0.51s)
2024-01-08T16:30:08.6644500Z     --- FAIL: TestBFTDeliverer_BlockReception/Config_block_is_valid,_updates_verifier (0.01s)
2024-01-08T16:30:08.6645526Z         bft_deliverer_test.go:940: block progress is reported correctly before start
2024-01-08T16:30:08.6646145Z         bft_deliverer_test.go:952: Recv() returns a single config block, num: 7
2024-01-08T16:30:08.6646725Z         bft_deliverer_test.go:978: receives the block and loops, not sleeping
2024-01-08T16:30:08.6647233Z         bft_deliverer_test.go:982: checks the validity of the block
2024-01-08T16:30:08.6647595Z         bft_deliverer_test.go:993: handle the block
2024-01-08T16:30:08.6648222Z         bft_deliverer_test.go:1005: update config on verifier
2024-01-08T16:30:08.6648762Z         bft_deliverer_test.go:1008: block progress is reported correctly
2024-01-08T16:30:08.6649047Z         bft_deliverer_test.go:1010: 
2024-01-08T16:30:08.6650229Z             	Error Trace:	/home/runner/work/fabric/fabric/internal/pkg/peer/blocksprovider/bft_deliverer_test.go:1010
2024-01-08T16:30:08.6650515Z             	Error:      	Not equal: 
2024-01-08T16:30:08.6650890Z             	            	expected: 0x7
2024-01-08T16:30:08.6651272Z             	            	actual  : 0x6
2024-01-08T16:30:08.6652061Z             	Test:       	TestBFTDeliverer_BlockReception/Config_block_is_valid,_updates_verifier

@denyeart
Contributor

I'll go ahead and merge since the failures are not related.

@denyeart denyeart merged commit 844e281 into hyperledger:main Jan 12, 2024
13 of 14 checks passed
@benjsmi benjsmi deleted the couchdb-3.3.3 branch January 17, 2024 15:07