Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting rid of CVEs in Solr connector #13822

Merged
merged 1 commit into from Jan 20, 2022
Merged

Getting rid of CVEs in Solr connector #13822

merged 1 commit into from Jan 20, 2022

Conversation

dlg99
Copy link
Contributor

@dlg99 dlg99 commented Jan 19, 2022

Getting rid of CVEs in Solr connector

CVE-2019-17638
CVE-2020-27216
CVE-2020-27218
CVE-2020-27223
CVE-2021-28165
CVE-2021-28169
CVE-2021-34428
CVE-2021-27905
CVE-2021-29262
CVE-2021-29943
CVE-2021-44548

Motivation

mvn clean install verify -Powasp-dependency-check -DskipTests found various CVEs

Modifications

Upgraded dependencies

Verifying this change

  • Make sure that the change passes the CI checks.

This change is already covered by existing tests

Does this pull request potentially affect one of the following parts:

If yes was chosen, please highlight the changes

  • Dependencies (does it add or upgrade a dependency): YES
  • The public API: (yes / no)
  • The schema: (yes / no / don't know)
  • The default values of configurations: (yes / no)
  • The wire protocol: (yes / no)
  • The rest endpoints: (yes / no)
  • The admin cli options: (yes / no)
  • Anything that affects deployment: (yes / no / don't know)

Documentation

Check the box below or label this PR directly (if you have committer privilege).

Need to update docs?

  • doc-required

    (If you need help on updating docs, create a doc issue)

  • no-need-doc

    (Please explain why)

  • doc

    (If this PR contains doc changes)

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jan 19, 2022
lhotari
lhotari approved these changes Jan 19, 2022
View reviewed changes
Copy link
Member

@lhotari lhotari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dlg99
Copy link
Contributor Author

dlg99 commented Jan 19, 2022

/pulsarbot run-failure-checks

@codelipenghui codelipenghui merged commit 76fc2fb into apache:master Jan 20, 2022
@codelipenghui codelipenghui added this to the 2.10.0 milestone Jan 20, 2022
codelipenghui pushed a commit that referenced this pull request Jan 21, 2022
@dlg99 @codelipenghui
Getting rid of CVEs in Solr connector (#13822)
9909ec8 
CVE-2019-17638
CVE-2020-27216
CVE-2020-27218
CVE-2020-27223
CVE-2021-28165
CVE-2021-28169
CVE-2021-34428
CVE-2021-27905
CVE-2021-29262
CVE-2021-29943
CVE-2021-44548

(cherry picked from commit 76fc2fb)
@codelipenghui codelipenghui added the cherry-picked/branch-2.9 Archived: 2.9 is end of life label Jan 21, 2022
codelipenghui pushed a commit that referenced this pull request Jan 27, 2022
@dlg99 @codelipenghui
Getting rid of CVEs in Solr connector (#13822)
7751597 
CVE-2019-17638
CVE-2020-27216
CVE-2020-27218
CVE-2020-27223
CVE-2021-28165
CVE-2021-28169
CVE-2021-34428
CVE-2021-27905
CVE-2021-29262
CVE-2021-29943
CVE-2021-44548

(cherry picked from commit 76fc2fb)
@codelipenghui codelipenghui added the cherry-picked/branch-2.8 Archived: 2.8 is end of life label Jan 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lhotari lhotari lhotari approved these changes

@shoothzj shoothzj shoothzj approved these changes

@nicoloboschi nicoloboschi nicoloboschi approved these changes

Assignees

@dlg99 dlg99

Labels
area/security cherry-picked/branch-2.8 Archived: 2.8 is end of life cherry-picked/branch-2.9 Archived: 2.9 is end of life doc-not-needed Your PR changes do not impact docs release/2.8.3 release/2.9.2
Projects
None yet
Milestone
2.10.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@dlg99 @lhotari @shoothzj @nicoloboschi @codelipenghui @gaoran10