Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 6978 : Cherry-pick PR 6976 to r0.13 #6979

Merged

Conversation

anju-c-das
Copy link
Contributor

Change log description
Fixed the security related CVEs which were reported for 0.13.

Purpose of the change
Fixes #6975.

What the code does
See #6975.

How to verify it
See #6975.

…ries (pravega#6976)

Upgrades the following libraries to higher versions to fix CVEs found: jacksonVersion 2.13.4 -> 2.14.0, micrometerVersion 1.2.0	 -> 1.3.7, com.fasterxml.woodstox:woodstox-core (new) -> 6.4.0.

Signed-off-by: anju-c-das <anju.das@dell.com>
@codecov
Copy link

codecov bot commented Dec 21, 2022

Codecov Report

Base: 86.32% // Head: 86.35% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (de548d0) compared to base (43a7e9d).
Patch has no changes to coverable lines.

Additional details and impacted files
@@             Coverage Diff              @@
##              r0.13    #6979      +/-   ##
============================================
+ Coverage     86.32%   86.35%   +0.02%     
- Complexity    15908    15920      +12     
============================================
  Files          1027     1027              
  Lines         59279    59279              
  Branches       5998     5998              
============================================
+ Hits          51171    51188      +17     
+ Misses         4965     4956       -9     
+ Partials       3143     3135       -8     
Impacted Files Coverage Δ
...a/io/pravega/controller/task/Stream/TestTasks.java 33.33% <0.00%> (-20.00%) ⬇️
...ntstore/server/host/ZKSegmentContainerManager.java 87.50% <0.00%> (-6.25%) ⬇️
...ega/controller/store/task/ZKTaskMetadataStore.java 82.60% <0.00%> (-2.90%) ⬇️
...ga/controller/store/client/StoreClientFactory.java 81.81% <0.00%> (-2.28%) ⬇️
...pravega/client/connection/impl/CommandEncoder.java 87.77% <0.00%> (-1.67%) ⬇️
...a/segmentstore/server/logs/OperationProcessor.java 89.47% <0.00%> (-1.41%) ⬇️
...ver/containers/StreamSegmentContainerMetadata.java 96.81% <0.00%> (-0.64%) ⬇️
.../segmentstore/server/writer/SegmentAggregator.java 79.88% <0.00%> (-0.43%) ⬇️
.../segmentstore/server/tables/ContainerKeyIndex.java 93.54% <0.00%> (-0.30%) ⬇️
.../server/attributes/SegmentAttributeBTreeIndex.java 90.16% <0.00%> (+0.27%) ⬆️
... and 14 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@anju-c-das anju-c-das marked this pull request as ready for review December 22, 2022 03:56
Copy link
Contributor

@kotlasaicharanreddy kotlasaicharanreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@ShwethaSNayak ShwethaSNayak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ShwethaSNayak ShwethaSNayak merged commit cb5a8b1 into pravega:r0.13 Dec 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants