Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

switch back to ring-jetty-adapter - addresses security issue #39321

Merged
merged 1 commit into from Feb 29, 2024
Merged

switch back to ring-jetty-adapter - addresses security issue #39321

merged 1 commit into from Feb 29, 2024

Conversation

piranha
Copy link
Contributor

@piranha piranha commented Feb 29, 2024

Since jetty is still a security issue, and ring-jetty9-adapter actually pulls http2-server - which we don't use and don't need in our deps.

@piranha piranha added the backport Automatically create PR on current release branch on merge label Feb 29, 2024
@piranha piranha requested a review from a team February 29, 2024 17:53
@piranha piranha self-assigned this Feb 29, 2024
@metabase-bot metabase-bot bot added the .Team/BackendComponents also known as BEC label Feb 29, 2024
@replay-io replay.io
Copy link

replay-io bot commented Feb 29, 2024
edited

Status Complete ↗︎
Commit ed45f2d
Results
⚠️ 4 Flaky
2333 Passed

escherize
escherize approved these changes Feb 29, 2024
View reviewed changes
Copy link
Contributor

@escherize escherize left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@darksciencebase darksciencebase merged commit 3a016be into master Feb 29, 2024
119 of 134 checks passed
@darksciencebase darksciencebase deleted the update-jetty branch February 29, 2024 19:31
@github-actions GitHub Actions
Copy link

@piranha Did you forget to add a milestone to the issue for this PR? When and where should I add a milestone?

@metabase-bot metabase-bot bot mentioned this pull request Feb 29, 2024
Closed
@piranha
Copy link
Contributor Author

piranha commented Feb 29, 2024

@metabase-bot backport release-x.49.x

@piranha piranha added this to the 0.49 milestone Feb 29, 2024
github-actions bot pushed a commit that referenced this pull request Feb 29, 2024
@piranha
switch back to ring-jetty-adapter - addresses security issue (#39321)
8443aa5
@metabase-bot metabase-bot bot mentioned this pull request Feb 29, 2024
Merged
darksciencebase pushed a commit that referenced this pull request Feb 29, 2024
@metabase-bot @piranha
switch back to ring-jetty-adapter - addresses security issue (#39321) (
68d7e82 
…#39427)

Co-authored-by: Alexander Solovyov <alexander@solovyov.net>
piranha added a commit that referenced this pull request Mar 18, 2024
@piranha
switch back to ring-jetty-adapter - addresses security issue (#39321)
1d23120
@piranha piranha mentioned this pull request Mar 18, 2024
Merged
darksciencebase pushed a commit that referenced this pull request Mar 18, 2024
@piranha @noahmoss
Backport security fixes (#40242)
451910a 
* update deps with security issues (#39286)

* switch back to ring-jetty-adapter - addresses security issue (#39321)

* Bump clojure to 11.1.2 (#39857)

* add type hint for liquibase

---------

Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>
WiNloSt pushed a commit that referenced this pull request Mar 19, 2024
@piranha @WiNloSt
switch back to ring-jetty-adapter - addresses security issue (#39321)
b003f90
@WiNloSt WiNloSt mentioned this pull request Mar 19, 2024
Merged
WiNloSt added a commit that referenced this pull request Mar 19, 2024
@WiNloSt @piranha
@noahmoss @snoe
Backport security fixes for 47 (#40284)
692058e 
* update graalvm (#38218)

* update deps with security issues (#39286)

* switch back to ring-jetty-adapter - addresses security issue (#39321)

* Bump clojure to 11.1.2 (#39857)

* Bump dependencies based on vulnerabilities (#36504)

* Bump dependencies based on vulnerabilities

* More deps bumped

* Bump more deps

* Rollback H2 dependency bump

* Add comments and make guava match elsewhere.

---------

Co-authored-by: Alexander Solovyov <alexander@solovyov.net>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>
Co-authored-by: Case Nelson <case@metabase.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@escherize escherize escherize approved these changes

@camsaul camsaul Awaiting requested review from camsaul camsaul is a code owner

Assignees

@piranha piranha

Labels
backport Automatically create PR on current release branch on merge .Team/BackendComponents also known as BEC
Projects
None yet
Milestone
0.49
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@piranha @escherize @darksciencebase