Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/04/19 07:50:34 UTC

[GitHub] [pulsar] lhotari opened a new pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541

lhotari opened a new pull request #10261:
URL: https://github.com/apache/pulsar/pull/10261


   ### Motivation
   
   The current vertx version is 3.5.3, which has a vulnerability, CVE-2018-12541.
   
   ### Changes
   
   - Upgrade vertx version to 3.9.7 which is the most recent in 3.x releases.
   
   Notice:
   vertx is a transitive dependency of bookkeeper. There's a separate PR in apache/bookkeeper to upgrade the vertx library: #2693. It should be fine to upgrade vertx to 3.9.7 when using the released bookkeeper version 4.13.0. There isn't a requirement for having a released version of bookkeeper with the upgraded vertx version.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
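
One way to confirm that the upgrade also reached the vertx copies pulled in transitively through bookkeeper, as an added example that is not part of the pull request or of the Pulsar build: it parses `mvn dependency:tree` text output and reports every `io.vertx` artifact resolved below 3.9.7, with the dependency path that brings it in. The sample tree is constructed and the function names are assumptions.

```python
import re

# Version this pull request upgrades vertx to (taken from the PR description).
REQUIRED = (3, 9, 7)

# Constructed sample of `mvn dependency:tree` output, not taken from a real build.
SAMPLE_TREE = r"""
[INFO] org.example:app:jar:1.0.0
[INFO] +- org.apache.bookkeeper:bookkeeper-server:jar:4.13.0:compile
[INFO] |  +- io.vertx:vertx-core:jar:3.5.3:compile
[INFO] |  \- io.vertx:vertx-web:jar:3.5.3:compile
[INFO] \- io.vertx:vertx-auth-common:jar:3.9.7:compile
"""

def parse_version(version):
    """Turn '3.9.7' or '2.8.0-SNAPSHOT' into a comparable (major, minor, patch)."""
    nums = re.findall(r"\d+", version)[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def outdated_vertx(tree_text, required=REQUIRED):
    """Return (artifact, version, path) for io.vertx nodes older than `required`."""
    findings, path = [], []
    for line in tree_text.splitlines():
        body = re.sub(r"^\[INFO\] ", "", line)
        start = re.search(r"[A-Za-z]", body)
        if not start:
            continue
        # Each tree level is drawn with a 3-character prefix ("|  ", "+- ", "\- ").
        depth = start.start() // 3
        parts = body[start.start():].split(":")
        if len(parts) < 4:
            continue  # not a group:artifact:type:version[:scope] coordinate
        # A 6-field coordinate carries a classifier before the version.
        version = parts[4] if len(parts) == 6 else parts[3]
        del path[depth:]
        path.append(f"{parts[0]}:{parts[1]}")
        if parts[0] == "io.vertx" and parse_version(version) < required:
            findings.append((parts[1], version, " > ".join(path[:-1])))
    return findings

if __name__ == "__main__":
    for artifact, version, via in outdated_vertx(SAMPLE_TREE):
        print(f"io.vertx:{artifact} {version} (via {via})")
```
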



[GitHub] [pulsar] eolivelli merged pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541

Posted by GitBox <gi...@apache.org>.
eolivelli merged pull request #10261:
URL: https://github.com/apache/pulsar/pull/10261


   





[GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541

Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #10261:
URL: https://github.com/apache/pulsar/pull/10261#issuecomment-822273784


   /pulsarbot run-failure-checks





[GitHub] [pulsar] lhotari edited a comment on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541

Posted by GitBox <gi...@apache.org>.
lhotari edited a comment on pull request #10261:
URL: https://github.com/apache/pulsar/pull/10261#issuecomment-822420039


   > can you please explain why we can upgrade without upgrading BK ?
   > 
   > it looks like there is an API compatibility issue here
   > 
   > https://github.com/apache/bookkeeper/pull/2693/files#diff-edeb9ac83b92c91d8ea5563e07e27c3d4b34f241f0d248d49f68b3dfa490dd23L85
   
   the API is compatible. That change is just to remove the usage of a deprecated API.





[GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541

Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #10261:
URL: https://github.com/apache/pulsar/pull/10261#issuecomment-822420039


   > can you please explain why we can upgrade without upgrading BK ?
   > 
   > it looks like there is an API compatibility issue here
   > 
   > https://github.com/apache/bookkeeper/pull/2693/files#diff-edeb9ac83b92c91d8ea5563e07e27c3d4b34f241f0d248d49f68b3dfa490dd23L85
   
   the API is compatible. That change is just to fix a deprecated API.





[GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541

Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #10261:
URL: https://github.com/apache/pulsar/pull/10261#issuecomment-822398082





