
Bump version of jgit to 6.7.0.202309050840-r to fix CVE-2023-4759 #10147

Merged
merged 2 commits into opensearch-project:main on Sep 21, 2023

Conversation

Poojita-Raj
Contributor

Description

Fixes CVE-2023-4759.

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
Signed-off-by: Poojita Raj <poojiraj@amazon.com>
@github-actions
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Contributor

github-actions bot commented Sep 20, 2023

Compatibility status:

Checks if related components are compatible with change 5b0e32b

Incompatible components

Incompatible components: [https://github.com/opensearch-project/k-nn.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git]


@codecov

codecov bot commented Sep 20, 2023

Codecov Report

Merging #10147 (5b0e32b) into main (9b5bf5f) will increase coverage by 0.05%.
Report is 1 commits behind head on main.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main   #10147      +/-   ##
============================================
+ Coverage     71.04%   71.10%   +0.05%     
- Complexity    58090    58144      +54     
============================================
  Files          4825     4825              
  Lines        274101   274101              
  Branches      39945    39945              
============================================
+ Hits         194741   194896     +155     
+ Misses        63026    62870     -156     
- Partials      16334    16335       +1     

see 484 files with indirect coverage changes

@Poojita-Raj Poojita-Raj reopened this Sep 20, 2023

@Poojita-Raj
Contributor Author

Gradle Check (Jenkins) Run Completed with:

* **RESULT:**  ❌

* **URL:** https://build.ci.opensearch.org/job/gradle-check/25962/

* **CommitID:** [5b0e32b](https://github.com/opensearch-project/OpenSearch/commit/5b0e32bfb097a660dd6a11cdcc1dd569abda64ed)
  Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
  Is the failure [a flaky test](https://github.com/opensearch-project/OpenSearch/blob/main/DEVELOPER_GUIDE.md#flaky-tests) unrelated to your change?

#9828


@reta reta merged commit ef343d7 into opensearch-project:main Sep 21, 2023
27 checks passed
@reta reta added dependencies Pull requests that update a dependency file backport 2.x Backport to 2.x branch labels Sep 21, 2023
@opensearch-trigger-bot
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-10147-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ef343d769439f510aba6f20b7746bbcf5f42e377
# Push it to GitHub
git push --set-upstream origin backport/backport-10147-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-10147-to-2.x.

@reta
Collaborator

reta commented Sep 21, 2023

@Poojita-Raj could you please manually backport to 2.x? thank you

Poojita-Raj added a commit to Poojita-Raj/OpenSearch that referenced this pull request Sep 21, 2023
…ensearch-project#10147)

* change dependency version of jgit

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

* add changelog

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

---------

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
Rishikesh1159 pushed a commit that referenced this pull request Sep 22, 2023
…0147) (#10166)

* change dependency version of jgit



* add changelog



---------

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
sarthakaggarwal97 pushed a commit to sarthakaggarwal97/OpenSearch that referenced this pull request Sep 24, 2023
…ensearch-project#10147)

* change dependency version of jgit

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

* add changelog

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

---------

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
brusic pushed a commit to brusic/OpenSearch that referenced this pull request Sep 25, 2023
…ensearch-project#10147)

* change dependency version of jgit

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

* add changelog

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

---------

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
Signed-off-by: Ivan Brusic <ivan.brusic@flocksafety.com>
vikasvb90 pushed a commit to vikasvb90/OpenSearch that referenced this pull request Oct 10, 2023
…ensearch-project#10147)

* change dependency version of jgit

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

* add changelog

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

---------

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
shiv0408 pushed a commit to Gaurav614/OpenSearch that referenced this pull request Apr 25, 2024
…ensearch-project#10147)

* change dependency version of jgit

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

* add changelog

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

---------

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
Signed-off-by: Shivansh Arora <hishiv@amazon.com>
Labels
backport 2.x Backport to 2.x branch backport-failed dependencies Pull requests that update a dependency file