[fix][sec] Upgrade snappy-java to address multiple CVEs #20604

Merged
merged 1 commit into from
Jun 20, 2023

@lhotari (Member) commented Jun 19, 2023

Motivation

OWASP dependency check has detected multiple CVEs in snappy-java

Modifications

See https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added this to the 3.1.0 milestone Jun 19, 2023
@lhotari lhotari self-assigned this Jun 19, 2023
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jun 19, 2023

@lhotari (Member, Author) commented Jun 19, 2023

I also created PRs to Zookeeper (apache/zookeeper#2014) and Bookkeeper (apache/bookkeeper#3993) to upgrade snappy-java to 1.1.10.1.

@lhotari lhotari force-pushed the lh-snappy-upgrade branch from 107c3c6 to ce56964 Compare June 20, 2023 13:08
@lhotari lhotari merged commit 62a99ed into apache:master Jun 20, 2023
nicoloboschi pushed a commit to datastax/pulsar that referenced this pull request Jul 3, 2023
nicoloboschi pushed a commit that referenced this pull request Jul 3, 2023
nicoloboschi pushed a commit that referenced this pull request Jul 3, 2023
RobertIndie pushed a commit that referenced this pull request Jul 13, 2023