You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by br...@apache.org on 2022/05/18 15:13:20 UTC
[cassandra] branch cassandra-4.0 updated (27b5a017ea -> 6158dccbcb)
This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a change to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
from 27b5a017ea Flaky org.apache.cassandra.cql3.KeywordTest
new a482e37435 Suppress CVE-2022-24823
new 01ebd9936f Merge branch 'cassandra-3.0' into cassandra-3.11
new 6158dccbcb Merge branch 'cassandra-3.11' into cassandra-4.0
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.build/dependency-check-suppressions.xml | 1 +
CHANGES.txt | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-3.11' into cassandra-4.0
Posted by br...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 6158dccbcb7716d6f907311242b2693427340ec2
Merge: 27b5a017ea 01ebd9936f
Author: Brandon Williams <br...@apache.org>
AuthorDate: Wed May 18 10:10:04 2022 -0500
Merge branch 'cassandra-3.11' into cassandra-4.0
.build/dependency-check-suppressions.xml | 1 +
CHANGES.txt | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --cc .build/dependency-check-suppressions.xml
index 7633085a82,85684ac124..5ceca24397
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -28,24 -58,21 +28,25 @@@
<cve>CVE-2020-17516</cve>
<cve>CVE-2021-44521</cve>
</suppress>
-
- <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 -->
<suppress>
+ <!-- dependency checker identified this as a completely different package (wire) -->
+ <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl>
+ <cpe>cpe:/a:wire:wire</cpe>
+ </suppress>
+ <suppress>
+ <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
- <cve>CVE-2018-10237</cve>
<cve>CVE-2020-8908</cve>
</suppress>
-
- <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 -->
+ <!-- netty's http stuff is not applicable here -->
<suppress>
- <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
- <cve>CVE-2015-3254</cve>
- <cve>CVE-2016-5397</cve>
- <cve>CVE-2018-1320</cve>
- <cve>CVE-2018-11798</cve>
- <cve>CVE-2019-0205</cve>
+ <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
+ <cve>CVE-2021-21290</cve>
+ <cve>CVE-2021-21295</cve>
+ <cve>CVE-2021-21409</cve>
+ <cve>CVE-2021-37136</cve>
+ <cve>CVE-2021-37137</cve>
+ <cve>CVE-2021-43797</cve>
++ <cve>CVE-2022-24823</cve>
</suppress>
</suppressions>
diff --cc CHANGES.txt
index eff3c638a5,689fbfd2ba..bf7f8137c6
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,6 -1,6 +1,7 @@@
-3.11.14
+4.0.5
- Merged from 3.11.13:
++Merged from 3.11:
Merged from 3.0:
+ * Suppress CVE-2022-24823 (CASSANDRA-17633)
* fsync TOC and digest files (CASSANDRA-10709)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org