Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

force snappy java to 1.1.10.4 for CVE-2023-43642 #578

Merged
merged 3 commits into from
Oct 3, 2023

Conversation

labkey-willm
Copy link
Contributor

Rationale

this forces snappy-java to the patched version

Related Pull Requests

Changes

@labkey-willm
Copy link
Contributor Author

note: the failed DRT tests are (I think) unrelated to my change.

@labkey-jeckels
Copy link
Contributor

note: the failed DRT tests are (I think) unrelated to my change.

Indeed - that's because we branched for 23.10 and the version numbers are still in flux. It showed up in test status this morning.

@labkey-willm
Copy link
Contributor Author

labkey-willm commented Oct 3, 2023

just realized the snappyjava version was previously forced, but was removed, but HTSJDK version hasn't yet updated with the patched snappy version: 23de7fd

Copy link
Contributor

@labkey-adam labkey-adam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be nice to update the comment as suggested, but no need for re-review

build.gradle Outdated Show resolved Hide resolved
Co-authored-by: Adam Rauch <adam@labkey.com>
Copy link
Contributor

@labkey-jeckels labkey-jeckels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me too

@labkey-willm labkey-willm merged commit 5d72fd0 into develop Oct 3, 2023
1 check passed
@labkey-willm labkey-willm deleted the fb_snappy_java_cve branch October 3, 2023 22:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants