Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0 #17458

Merged
merged 7 commits into from
Sep 5, 2022
Merged

[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0 #17458

merged 7 commits into from
Sep 5, 2022

Conversation

tisonkun
Copy link
Member

@tisonkun tisonkun commented Sep 5, 2022

  • doc-not-needed

This is based on #17457. There's no logical dependency but batch them here to run against CI.

@nicoloboschi @lhotari for openstack-keystone-2.5.0 reports, I'm unsure whether we can exclude it from the dependencies and avoid receiving more false positives from Pulsar's perspective? I don't find this dependency bundled in the release.

@tisonkun
[fix][sec] bump snakeyaml to 1.31 fix CVE-2022-25857
143e56f 
Signed-off-by: tison <wander4096@gmail.com>
@tisonkun
[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0
d79969b 
Signed-off-by: tison <wander4096@gmail.com>
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Sep 5, 2022
@tisonkun tisonkun mentioned this pull request Sep 5, 2022
Merged
1 task
@zymap zymap added this to the 2.11.0 milestone Sep 5, 2022
@tisonkun
Copy link
Member Author

tisonkun commented Sep 5, 2022

/pulsarbot run-failure-checks

@tisonkun
Copy link
Member Author

tisonkun commented Sep 5, 2022

/pulsarbot run-failure-checks

@Technoboy- Technoboy- merged commit 0e4e88b into apache:master Sep 5, 2022
@tisonkun tisonkun deleted the suppress-CVE-2021-3563 branch September 5, 2022 06:32
tisonkun added a commit to tisonkun/pulsar that referenced this pull request Sep 5, 2022
@tisonkun
[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0 (ap…
db6e98d 
…ache#17458)
@tisonkun tisonkun mentioned this pull request Sep 5, 2022
Merged
1 task
Technoboy- pushed a commit that referenced this pull request Sep 5, 2022
@tisonkun
[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0 (#1…
ebd8a3f 
…7458) (#17467)
@Jason918 Jason918 mentioned this pull request Sep 20, 2022
Closed
5 tasks
@Jason918 Jason918 added release/2.10.2 type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages area/security labels Sep 20, 2022
Jason918 pushed a commit that referenced this pull request Sep 20, 2022
@tisonkun @Jason918
[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0 (#1…
d2764d6 
…7458)

(cherry picked from commit 0e4e88b)
nicoloboschi pushed a commit to datastax/pulsar that referenced this pull request Sep 20, 2022
@tisonkun @nicoloboschi
[improve][sec] suppress CVE-2021-3563 of openstack-keystone-2.5.0 (ap…
7dde1e4 
…ache#17458)

(cherry picked from commit 0e4e88b)
(cherry picked from commit d2764d6)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zymap zymap zymap approved these changes

@Technoboy- Technoboy- Technoboy- approved these changes

@nicoloboschi nicoloboschi Awaiting requested review from nicoloboschi

@dlg99 dlg99 Awaiting requested review from dlg99

@eolivelli eolivelli Awaiting requested review from eolivelli

Assignees

@tisonkun tisonkun

Labels
area/security cherry-picked/branch-2.10 doc-not-needed Your PR changes do not impact docs release/2.10.2 type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages
Projects
None yet
Milestone
2.11.0
Development

Successfully merging this pull request may close these issues.
4 participants
@tisonkun @Technoboy- @zymap @Jason918