Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix](sec) upgrade mysql:mysql-connector-java to 8.0.28 #22776

Merged
merged 1 commit into from
Sep 2, 2023
Merged

[fix](sec) upgrade mysql:mysql-connector-java to 8.0.28 #22776

merged 1 commit into from
Sep 2, 2023

Conversation

ChengDaqi2023
Copy link
Contributor

What happened?

There are 3 security vulnerabilities found in mysql:mysql-connector-java 8.0.15

What did I do?

Upgrade mysql:mysql-connector-java from 8.0.15 to 8.0.28 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

dataroaring
dataroaring approved these changes Sep 2, 2023
View reviewed changes
Copy link
Contributor

@dataroaring dataroaring left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dataroaring dataroaring changed the title fix(sec): upgrade mysql:mysql-connector-java to 8.0.28 [fix](sec) upgrade mysql:mysql-connector-java to 8.0.28 Sep 2, 2023
@dataroaring
Copy link
Contributor

run buildall

@github-actions github-actions bot added the approved Indicates a PR has been approved by one committer. label Sep 2, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Sep 2, 2023

PR approved by at least one committer and no changes requested.

@github-actions
Copy link
Contributor

github-actions bot commented Sep 2, 2023

PR approved by anyone and no changes requested.

JNSimba
JNSimba approved these changes Sep 2, 2023
View reviewed changes
Copy link
Member

@JNSimba JNSimba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dataroaring dataroaring merged commit 4b99179 into apache:master Sep 2, 2023
xiaokang pushed a commit that referenced this pull request Sep 5, 2023
@ChengDaqi2023 @xiaokang
[fix](sec) update mysql:mysql-connector-java 8.0.15 to 8.0.28 (#22776)
3a1bbc6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JNSimba JNSimba JNSimba approved these changes

@Yukang-Lian Yukang-Lian Yukang-Lian approved these changes

@dataroaring dataroaring dataroaring approved these changes

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by one committer. dev/2.0.2-merged reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ChengDaqi2023 @dataroaring @JNSimba @Yukang-Lian @xiaokang