[Backport 2.13] Bump up commons-compress to 1.26.1 to fix CVE #13151

Merged


peternied
Member

Description

Backport c658ad7 from #13068.

Related Issues

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

* Bump up commons-compress to 1.26.0 to fix CVE

* Change log entry

* Update ignoreMissingClasses

* Update commons-codec and commons-lang3 dependencies also

* Upgrade commons-codec to 1.16.1

* Add commons-io dependency in plugin-cli build.gradle

* Revert "Update ignoreMissingClasses"

This reverts commit d92fbda.

* Adding SHA for commons-io-2.15.1.jar

* adding license, notice files for commons-io

* Add missing classes for thirdPartyAudit

* Refactor

* Test commit - to be reverted

* Bump commons-compress to 1.26.1, tika to 2.9.1

* Remove Charsets class from exclusion list - not missing

* Update tika to 2.9.2

* commons-io 2.16.0

* Refactor commons-io dependency mentions to avoid manual version setting/update

---------

Signed-off-by: Aman Khare <amkhar@amazon.com>
Signed-off-by: Sandesh Kumar <sandeshkr419@gmail.com>
Co-authored-by: Aman Khare <amkhar@amazon.com>
(cherry picked from commit c658ad7)
Signed-off-by: Peter Nied <peternied@hotmail.com>
Contributor

github-actions bot commented Apr 11, 2024

Compatibility status:

Checks if related components are compatible with change d4eac1e

Incompatible components

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/performance-analyzer.git]

Contributor

✅ Gradle check result for 87be8e6: SUCCESS


codecov bot commented Apr 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

❗ No coverage uploaded for pull request base (2.13@c7a11cf).

Additional details and impacted files
@@           Coverage Diff           @@
##             2.13   #13151   +/-   ##
=======================================
  Coverage        ?   71.09%           
  Complexity      ?    60268           
=======================================
  Files           ?     4984           
  Lines           ?   284233           
  Branches        ?    41540           
=======================================
  Hits            ?   202089           
  Misses          ?    65127           
  Partials        ?    17017           


Signed-off-by: Peter Nied <peternied@hotmail.com>
Contributor

✅ Gradle check result for d4eac1e: SUCCESS

@reta reta merged commit d499a74 into opensearch-project:2.13 Apr 11, 2024
29 checks passed
@peternied peternied deleted the backport/backport-13068-to-2.13 branch April 11, 2024 11:45