Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cargo: update hyper to v0.9.18 #2686

Merged
merged 3 commits into from Jan 15, 2018

Conversation

@overvenus
Copy link
Contributor

commented Jan 15, 2018

Update hyper in order to fix a vulnerability of hyper:

The vulnerability of hyper:

ID: RUSTSEC-2017-0002
Crate: hyper
Version: 0.9.10
Date: 2017-01-23
URL: https://github.com/hyperium/hyper/wiki/Security-001
Title: headers containing newline characters can split messages
Solution: upgrade to: >= 0.10.2, < 0.10.0, >= 0.9.18

@overvenus overvenus requested review from siddontang and BusyJay Jan 15, 2018

@ngaut

This comment has been minimized.

Copy link
Member

commented Jan 15, 2018

LGTM

@huachaohuang
Copy link
Contributor

left a comment

LGTM

@siddontang

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2018

Does Prometheus need to do it? @overvenus

CI failed

@overvenus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 15, 2018

/rebuild

@overvenus

This comment has been minimized.

Copy link
Contributor Author

commented Jan 15, 2018

@siddontang
No, Prometheus is fine. It only affects crates that keep the Cargo.lock and the hyper's version is lower than 0.9.18.

@siddontang

This comment has been minimized.

Copy link
Contributor

commented Jan 15, 2018

LGTM

@overvenus overvenus merged commit bc84f1b into tikv:master Jan 15, 2018

3 checks passed

ci/circleci Your tests passed on CircleCI!
Details
jenkins-ci-tikv/build Jenkins job succeeded.
Details
license/cla Contributor License Agreement is signed.
Details

@overvenus overvenus deleted the overvenus:update-hyper branch Jan 15, 2018

overvenus added a commit to overvenus/tikv that referenced this pull request Jan 15, 2018
overvenus added a commit that referenced this pull request Jan 18, 2018
Cherry pick several bug fixes (#2688)
* Cargo: update prometheus to v0.3.7 (#2684)

* Cargo: update hyper to v0.9.18 (#2686)

* pd: cancel call when refreshing client (#2669)

* ci-build/test.sh: add execute permission (#2472)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.