fix(deps): update dependency com.hazelcast:hazelcast to v5.3.5 [security] #3328
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
github-actions
bot
added
quarkus
PR Summary
|
|
|
Code Climate has analyzed commit 11db0d4 and detected 0 issues on this pull request. View more on Code Climate. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3328 +/- ##
=============================================
- Coverage 100.00% 96.16% -3.84%
- Complexity 0 30 +30
=============================================
Files 8 60 +52
Lines 99 939 +840
Branches 2 28 +26
=============================================
+ Hits 99 903 +804
- Misses 0 30 +30
- Partials 0 6 +6 ☔ View full report in Codecov by Sentry. |
|
Datadog ReportAll test runs ✅ 23 Total Test Services: 0 Failed, 23 Passed Test ServicesThis report shows up to 10 services
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
renovate
bot
force-pushed
the
renovate/maven-com.hazelcast-hazelcast-vulnerability
branch
from
11db0d4
to
8135f72
Compare
renovate
bot
deleted the
renovate/maven-com.hazelcast-hazelcast-vulnerability
branch
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This PR contains the following updates:
5.3.1->5.3.5Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-45860
Impact
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.
Patches
Fix versions: 5.3.5, 5.4.0-BETA-1
Workaround
Disabling Hazelcast Jet processing engine in Hazelcast member configuration workarounds the issue. As a result SQL and Jet jobs won't work.
CVE-2023-45859
Impact
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
Patches
Fix versions: 5.2.5, 5.3.5, 5.4.0-BETA-1
Workarounds
There is no known workaround.
Release Notes
hazelcast/hazelcast (com.hazelcast:hazelcast)
v5.3.5This document lists the enhancements, fixed issues, and removed or deprecated features for Hazelcast Platform 5.3.5 release. The numbers in the square brackets refer to the issues and pull requests in Hazelcast's GitHub repository.
NOTE: Due to an error in the tooling, the Platform releases 5.3.3 and 5.3.4 needed to be skipped numerically.
Enhancements
CancellationExceptiontoCancellationByUserExceptionin case the user cancels a job before it is initialized. [#25452]hazelcast.Previously, the name was
hazelcast-service-portcausing the member auto-discovery (for embedded deployments) to fail. [#24834]Fixes
Removed/Deprecated Features
v5.3.2This document lists the enhancements and fixed issues for Hazelcast Platform 5.3.2 release. The numbers in the square brackets refer to the issues and pull requests in Hazelcast's GitHub repository.
Enhancements
Fixes
hazelcast.Previously, the name was
hazelcast-service-portcausing the member auto-discovery (for embedded deployments) to fail. [#25228]getDistributedObjects()was returning inconsistent results when multiple members are simultaneously joining to the cluster. [#25153]FROZENstate. [#25081]Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.