Posted to commits@cassandra.apache.org by br...@apache.org on 2022/02/28 13:47:53 UTC

[cassandra] branch cassandra-4.0 updated (a8b67e3 -> 4fa5417)

This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a change to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git.


    from a8b67e3  Streaming tasks handle empty SSTables correctly patch by Aleksandr Sorokoumov; reviewed by Marcus Eriksson and Zhao Yang for CASSANDRA-16349
     new f18b432  Suppress more inapplicables: CVE-2021-43797, CVE-2021-37136, CVE-2021-37137
     new a4c9a40  Merge branch 'cassandra-3.0' into cassandra-3.11
     new 4fa5417  Merge branch 'cassandra-3.11' into cassandra-4.0

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .build/dependency-check-suppressions.xml | 3 +++
 CHANGES.txt                              | 1 +
 2 files changed, 4 insertions(+)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


[cassandra] 01/01: Merge branch 'cassandra-3.11' into cassandra-4.0

Posted by br...@apache.org.

brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 4fa541705c11af7dc9cc935f3698a64b08c5612d
Merge: a8b67e3 a4c9a40
Author: Brandon Williams <br...@apache.org>
AuthorDate: Mon Feb 28 07:46:27 2022 -0600

    Merge branch 'cassandra-3.11' into cassandra-4.0

 .build/dependency-check-suppressions.xml | 3 +++
 CHANGES.txt                              | 1 +
 2 files changed, 4 insertions(+)

diff --cc .build/dependency-check-suppressions.xml
index 10709d7,ce51590..0003951
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -27,21 -56,21 +27,24 @@@
          <cve>CVE-2020-13946</cve>
          <cve>CVE-2020-17516</cve>
      </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 -->
      <suppress>
 +        <!-- dependency checker identified this as a completely different package (wire) -->
 +        <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl>
 +        <cpe>cpe:/a:wire:wire</cpe>
 +    </suppress>
 +    <suppress>
 +        <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->
          <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
 -        <cve>CVE-2018-10237</cve>
          <cve>CVE-2020-8908</cve>
      </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 -->
 +    <!-- netty's http stuff is not applicable here -->
      <suppress>
 -        <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
 -        <cve>CVE-2015-3254</cve>
 -        <cve>CVE-2016-5397</cve>
 -        <cve>CVE-2018-1320</cve>
 -        <cve>CVE-2018-11798</cve>
 -        <cve>CVE-2019-0205</cve>
 +        <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
 +        <cve>CVE-2021-21290</cve>
 +        <cve>CVE-2021-21295</cve>
 +        <cve>CVE-2021-21409</cve>
++        <cve>CVE-2021-37136</cve>
++        <cve>CVE-2021-37137</cve>
++        <cve>CVE-2021-43797</cve>
      </suppress>
  </suppressions>
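Review bot: the three `<cve>` entries added to the netty-all block (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797) rely on the single existing comment "netty's http stuff is not applicable here" as their justification, with no per-CVE reasoning or reference, whereas the guava entry above links its NVD page. Please record why each new id is inapplicable, or at least cite CASSANDRA-17368, and put that inside the `<suppress>` element so the rationale travels with the entries. Note also that the `packageUrl` pattern ends in `@.*$`, so these suppressions match every netty-all version and stay in force after an upgrade unless someone revisits them.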
diff --cc CHANGES.txt
index 5dd0675,b055b12..ea4960b
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,7 -1,6 +1,8 @@@
 -3.11.13
 +4.0.4
 + * Streaming tasks handle empty SSTables correctly (CASSANDRA-16349)
 + * Prevent SSTableLoader from doing unnecessary work (CASSANDRA-16349)
  Merged from 3.0:
+  * Suppress inapplicable CVEs (CASSANDRA-17368)
   * Fix flaky test - test_cqlsh_completion.TestCqlshCompletion (CASSANDRA-17338)
   * Fixed TestCqlshOutput failing tests (CASSANDRA-17386)
   * Lazy transaction log replica creation allows incorrect replica content divergence during anticompaction (CASSANDRA-17273)
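Review bot: the added line `* Suppress inapplicable CVEs (CASSANDRA-17368)` does not say which CVEs were suppressed, so CHANGES.txt alone does not tell an operator what the dependency scanner no longer reports. Consider naming the three ids (CVE-2021-43797, CVE-2021-37136, CVE-2021-37137) or at least the affected dependency. Separately, the two 4.0.4 entries above both cite CASSANDRA-16349 with different descriptions, so the second ticket number is worth confirming.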
