[fix][sec] Upgrade woodstox to 5.4.0 #19041

Merged
merged 1 commit into from
Dec 27, 2022

nicoloboschi
Contributor

Motivation

Woodstox 5.3.0 is vulnerable to CVE-2022-40152

Woodstox core is used in the file system offloader

Modifications

  • Upgrade from 5.3.0 to 5.4.0

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@nodece
Member

nodece commented Dec 26, 2022

/pulsarbot rerun-failure-checks

@codecov-commenter

codecov-commenter commented Dec 26, 2022

Codecov Report

Merging #19041 (fa7721f) into master (feb3cb4) will increase coverage by 0.43%.
The diff coverage is 7.87%.


@@             Coverage Diff              @@
##             master   #19041      +/-   ##
============================================
+ Coverage     46.35%   46.78%   +0.43%     
- Complexity     8939    10556    +1617     
============================================
  Files           597      709     +112     
  Lines         56858    69421   +12563     
  Branches       5905     7449    +1544     
============================================
+ Hits          26357    32480    +6123     
- Misses        27616    33279    +5663     
- Partials       2885     3662     +777     

| Flag | Coverage Δ |
|---|---|
| unittests | 46.78% <7.87%> (+0.43%) ⬆️ |


| Impacted Files | Coverage Δ |
|---|---|
| ...elayed/bucket/BookkeeperBucketSnapshotStorage.java | 0.00% <0.00%> (ø) |
| ...rg/apache/pulsar/broker/delayed/bucket/Bucket.java | 0.00% <0.00%> (ø) |
| ...yed/bucket/BucketSnapshotPersistenceException.java | 0.00% <0.00%> (ø) |
| ...d/bucket/BucketSnapshotSerializationException.java | 0.00% <0.00%> (ø) |
| .../pulsar/broker/service/BrokerServiceException.java | 41.81% <0.00%> (-4.48%) ⬇️ |
| ...va/org/apache/pulsar/client/impl/ConsumerImpl.java | 15.09% <0.00%> (+<0.01%) ⬆️ |
| ...he/pulsar/client/impl/MultiTopicsConsumerImpl.java | 22.80% <0.00%> (+0.01%) ⬆️ |
| ...ache/pulsar/client/impl/ZeroQueueConsumerImpl.java | 0.00% <0.00%> (ø) |
| ...va/org/apache/pulsar/client/impl/ConsumerBase.java | 21.51% <6.66%> (-0.42%) ⬇️ |
| ...va/org/apache/pulsar/broker/service/ServerCnx.java | 47.27% <36.00%> (-1.70%) ⬇️ |

... and 176 more

@nodece nodece merged commit 39429dc into apache:master Dec 27, 2022
tisonkun pushed a commit to tisonkun/pulsar that referenced this pull request Dec 27, 2022
@nicoloboschi nicoloboschi added this to the 2.12.0 milestone Jan 4, 2023
nicoloboschi added a commit that referenced this pull request Jan 4, 2023
nicoloboschi added a commit that referenced this pull request Jan 4, 2023
nicoloboschi added a commit that referenced this pull request Jan 4, 2023
nicoloboschi added a commit to datastax/pulsar that referenced this pull request Jan 4, 2023
(cherry picked from commit 39429dc)
(cherry picked from commit 969ca40)
@mattisonchao
Member

@nicoloboschi
It looks like this PR involves a conflict in branch-2.9. Would you like to fix it?


4 participants