You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by aw...@apache.org on 2018/02/14 21:28:39 UTC
[01/15] cassandra git commit: CVE-2017-5929 Security vulnerability in
Logback warning in NEWS.txt
Repository: cassandra
Updated Branches:
refs/heads/cassandra-2.1 b2949439e -> 4bbd28a04
refs/heads/cassandra-2.2 1602e6063 -> 08ebe8297
refs/heads/cassandra-3.0 890f31914 -> 2461187c0
refs/heads/cassandra-3.11 1d506f9d0 -> 630c18eb3
refs/heads/trunk 7a424bc2a -> 44ce9536f
CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
Patch by Ariel Weisberg; Reviewed by Jason Brown for CASSANDRA-14183
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4bbd28a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4bbd28a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4bbd28a0
Branch: refs/heads/cassandra-2.1
Commit: 4bbd28a043f15dd6c19de157acb5950319e8c16c
Parents: b294943
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 11:55:00 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 11:55:00 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 3 +++
NEWS.txt | 9 +++++++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 9332354..0c25388 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,6 @@
+2.1.21
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
2.1.20
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index fb6b4ee..232f3cd 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -18,6 +18,15 @@ CASSANDRA-14092.txt file.
If you use or plan to use very large TTLS (10 to 20 years), read CASSANDRA-14092.txt
for more information.
+PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
+------------------------------------------------------------------
+QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
+SocketServer and ServerSocketReceiver components.
+
+Logback has not been upgraded to avoid breaking deployments and customizations
+based on older versions. If you are using vulnerable components you will need
+to upgrade to a newer version of Logback or stop using the vulnerable components.
+
GENERAL UPGRADING ADVICE FOR ANY VERSION
========================================
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[15/15] cassandra git commit: Merge branch 'cassandra-3.11' into trunk
Posted by aw...@apache.org.
Merge branch 'cassandra-3.11' into trunk
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/44ce9536
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/44ce9536
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/44ce9536
Branch: refs/heads/trunk
Commit: 44ce9536ff7bbc522a87839a85fc346ca3a279fe
Parents: 7a424bc 630c18e
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:36:58 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:36:58 2018 -0500
----------------------------------------------------------------------
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[02/15] cassandra git commit: CVE-2017-5929 Security vulnerability in
Logback warning in NEWS.txt
Posted by aw...@apache.org.
CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
Patch by Ariel Weisberg; Reviewed by Jason Brown for CASSANDRA-14183
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4bbd28a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4bbd28a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4bbd28a0
Branch: refs/heads/cassandra-2.2
Commit: 4bbd28a043f15dd6c19de157acb5950319e8c16c
Parents: b294943
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 11:55:00 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 11:55:00 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 3 +++
NEWS.txt | 9 +++++++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 9332354..0c25388 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,6 @@
+2.1.21
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
2.1.20
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index fb6b4ee..232f3cd 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -18,6 +18,15 @@ CASSANDRA-14092.txt file.
If you use or plan to use very large TTLS (10 to 20 years), read CASSANDRA-14092.txt
for more information.
+PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
+------------------------------------------------------------------
+QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
+SocketServer and ServerSocketReceiver components.
+
+Logback has not been upgraded to avoid breaking deployments and customizations
+based on older versions. If you are using vulnerable components you will need
+to upgrade to a newer version of Logback or stop using the vulnerable components.
+
GENERAL UPGRADING ADVICE FOR ANY VERSION
========================================
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[10/15] cassandra git commit: Merge branch 'cassandra-2.2' into
cassandra-3.0
Posted by aw...@apache.org.
Merge branch 'cassandra-2.2' into cassandra-3.0
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/2461187c
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/2461187c
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/2461187c
Branch: refs/heads/trunk
Commit: 2461187c0e82d047e143f059124a6dc740ee853f
Parents: 890f319 08ebe82
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:29:17 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:32:59 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/2461187c/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 90bd53f,09930ce..bbbca08
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,32 -1,8 +1,36 @@@
-2.2.13
++3.0.17
+ Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.2.12
+3.0.16
+ * Fix unit test failures in ViewComplexTest (CASSANDRA-14219)
+ * Add MinGW uname check to start scripts (CASSANDRA-12940)
+ * Protect against overflow of local expiration time (CASSANDRA-14092)
+ * Use the correct digest file and reload sstable metadata in nodetool verify (CASSANDRA-14217)
+ * Handle failure when mutating repaired status in Verifier (CASSANDRA-13933)
+ * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
+ * Set encoding for javadoc generation (CASSANDRA-14154)
+ * Fix index target computation for dense composite tables with dropped compact storage (CASSANDRA-14104)
+ * Improve commit log chain marker updating (CASSANDRA-14108)
+ * Extra range tombstone bound creates double rows (CASSANDRA-14008)
+ * Fix SStable ordering by max timestamp in SinglePartitionReadCommand (CASSANDRA-14010)
+ * Accept role names containing forward-slash (CASSANDRA-14088)
+ * Optimize CRC check chance probability calculations (CASSANDRA-14094)
+ * Fix cleanup on keyspace with no replicas (CASSANDRA-13526)
+ * Fix updating base table rows with TTL not removing materialized view entries (CASSANDRA-14071)
+ * Reduce garbage created by DynamicSnitch (CASSANDRA-14091)
+ * More frequent commitlog chained markers (CASSANDRA-13987)
+ * Fix serialized size of DataLimits (CASSANDRA-14057)
+ * Add flag to allow dropping oversized read repair mutations (CASSANDRA-13975)
+ * Fix SSTableLoader logger message (CASSANDRA-14003)
+ * Fix repair race that caused gossip to block (CASSANDRA-13849)
+ * Tracing interferes with digest requests when using RandomPartitioner (CASSANDRA-13964)
+ * Add flag to disable materialized views, and warnings on creation (CASSANDRA-13959)
+ * Don't let user drop or generally break tables in system_distributed (CASSANDRA-13813)
+ * Provide a JMX call to sync schema with local storage (CASSANDRA-13954)
+ * Mishandling of cells for removed/dropped columns when reading legacy files (CASSANDRA-13939)
+ * Deserialise sstable metadata in nodetool verify (CASSANDRA-13922)
+Merged from 2.2:
* Fix the inspectJvmOptions startup check (CASSANDRA-14112)
* Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
* Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/2461187c/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[09/15] cassandra git commit: Merge branch 'cassandra-2.1' into
cassandra-2.2
Posted by aw...@apache.org.
Merge branch 'cassandra-2.1' into cassandra-2.2
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/08ebe829
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/08ebe829
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/08ebe829
Branch: refs/heads/cassandra-3.11
Commit: 08ebe8297b0ffbfda522036c0f750c4f6cf67e6f
Parents: 1602e60 4bbd28a
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:23:41 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:23:41 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 82da6ad,0c25388..09930ce
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,9 -1,7 +1,13 @@@
-2.1.21
++2.2.13
++Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.1.20
+2.2.12
+ * Fix the inspectJvmOptions startup check (CASSANDRA-14112)
+ * Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
+ * Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
+ * Grab refs during scrub/index redistribution/cleanup (CASSANDRA-13873)
+Merged from 2.1:
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
* RPM package spec: fix permissions for installed jars and config files (CASSANDRA-14181)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[14/15] cassandra git commit: Merge branch 'cassandra-3.0' into
cassandra-3.11
Posted by aw...@apache.org.
Merge branch 'cassandra-3.0' into cassandra-3.11
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/630c18eb
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/630c18eb
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/630c18eb
Branch: refs/heads/trunk
Commit: 630c18eb38379a03d3766bb2be5835b1c78c66be
Parents: 1d506f9 2461187
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:36:30 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:36:30 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/630c18eb/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index e2ccc53,bbbca08..fdf045d
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,32 -1,14 +1,36 @@@
-3.0.17
-Merged from 2.1:
++3.11.3
++Merged from 2.1
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-3.0.16
- * Fix unit test failures in ViewComplexTest (CASSANDRA-14219)
- * Add MinGW uname check to start scripts (CASSANDRA-12940)
- * Protect against overflow of local expiration time (CASSANDRA-14092)
+3.11.2
+ * Fix ReadCommandTest (CASSANDRA-14234)
+ * Remove trailing period from latency reports at keyspace level (CASSANDRA-14233)
+ * Backport CASSANDRA-13080: Use new token allocation for non bootstrap case as well (CASSANDRA-14212)
+ * Remove dependencies on JVM internal classes from JMXServerUtils (CASSANDRA-14173)
+ * Add DEFAULT, UNSET, MBEAN and MBEANS to `ReservedKeywords` (CASSANDRA-14205)
+ * Add Unittest for schema migration fix (CASSANDRA-14140)
+ * Print correct snitch info from nodetool describecluster (CASSANDRA-13528)
+ * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
+ * Enable CDC unittest (CASSANDRA-14141)
+ * Acquire read lock before accessing CompactionStrategyManager fields (CASSANDRA-14139)
+ * Split CommitLogStressTest to avoid timeout (CASSANDRA-14143)
+ * Avoid invalidating disk boundaries unnecessarily (CASSANDRA-14083)
+ * Avoid exposing compaction strategy index externally (CASSANDRA-14082)
+ * Prevent continuous schema exchange between 3.0 and 3.11 nodes (CASSANDRA-14109)
+ * Fix imbalanced disks when replacing node with same address with JBOD (CASSANDRA-14084)
+ * Reload compaction strategies when disk boundaries are invalidated (CASSANDRA-13948)
+ * Remove OpenJDK log warning (CASSANDRA-13916)
+ * Prevent compaction strategies from looping indefinitely (CASSANDRA-14079)
+ * Cache disk boundaries (CASSANDRA-13215)
+ * Add asm jar to build.xml for maven builds (CASSANDRA-11193)
+ * Round buffer size to powers of 2 for the chunk cache (CASSANDRA-13897)
+ * Update jackson JSON jars (CASSANDRA-13949)
+ * Avoid locks when checking LCS fanout and if we should defrag (CASSANDRA-13930)
+ * Correctly count range tombstones in traces and tombstone thresholds (CASSANDRA-8527)
+Merged from 3.0:
+ * Add MinGW uname check to start scripts (CASSANDRA-12840)
* Use the correct digest file and reload sstable metadata in nodetool verify (CASSANDRA-14217)
* Handle failure when mutating repaired status in Verifier (CASSANDRA-13933)
- * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
* Set encoding for javadoc generation (CASSANDRA-14154)
* Fix index target computation for dense composite tables with dropped compact storage (CASSANDRA-14104)
* Improve commit log chain marker updating (CASSANDRA-14108)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/630c18eb/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[11/15] cassandra git commit: Merge branch 'cassandra-2.2' into
cassandra-3.0
Posted by aw...@apache.org.
Merge branch 'cassandra-2.2' into cassandra-3.0
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/2461187c
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/2461187c
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/2461187c
Branch: refs/heads/cassandra-3.11
Commit: 2461187c0e82d047e143f059124a6dc740ee853f
Parents: 890f319 08ebe82
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:29:17 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:32:59 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/2461187c/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 90bd53f,09930ce..bbbca08
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,32 -1,8 +1,36 @@@
-2.2.13
++3.0.17
+ Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.2.12
+3.0.16
+ * Fix unit test failures in ViewComplexTest (CASSANDRA-14219)
+ * Add MinGW uname check to start scripts (CASSANDRA-12940)
+ * Protect against overflow of local expiration time (CASSANDRA-14092)
+ * Use the correct digest file and reload sstable metadata in nodetool verify (CASSANDRA-14217)
+ * Handle failure when mutating repaired status in Verifier (CASSANDRA-13933)
+ * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
+ * Set encoding for javadoc generation (CASSANDRA-14154)
+ * Fix index target computation for dense composite tables with dropped compact storage (CASSANDRA-14104)
+ * Improve commit log chain marker updating (CASSANDRA-14108)
+ * Extra range tombstone bound creates double rows (CASSANDRA-14008)
+ * Fix SStable ordering by max timestamp in SinglePartitionReadCommand (CASSANDRA-14010)
+ * Accept role names containing forward-slash (CASSANDRA-14088)
+ * Optimize CRC check chance probability calculations (CASSANDRA-14094)
+ * Fix cleanup on keyspace with no replicas (CASSANDRA-13526)
+ * Fix updating base table rows with TTL not removing materialized view entries (CASSANDRA-14071)
+ * Reduce garbage created by DynamicSnitch (CASSANDRA-14091)
+ * More frequent commitlog chained markers (CASSANDRA-13987)
+ * Fix serialized size of DataLimits (CASSANDRA-14057)
+ * Add flag to allow dropping oversized read repair mutations (CASSANDRA-13975)
+ * Fix SSTableLoader logger message (CASSANDRA-14003)
+ * Fix repair race that caused gossip to block (CASSANDRA-13849)
+ * Tracing interferes with digest requests when using RandomPartitioner (CASSANDRA-13964)
+ * Add flag to disable materialized views, and warnings on creation (CASSANDRA-13959)
+ * Don't let user drop or generally break tables in system_distributed (CASSANDRA-13813)
+ * Provide a JMX call to sync schema with local storage (CASSANDRA-13954)
+ * Mishandling of cells for removed/dropped columns when reading legacy files (CASSANDRA-13939)
+ * Deserialise sstable metadata in nodetool verify (CASSANDRA-13922)
+Merged from 2.2:
* Fix the inspectJvmOptions startup check (CASSANDRA-14112)
* Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
* Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/2461187c/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[08/15] cassandra git commit: Merge branch 'cassandra-2.1' into
cassandra-2.2
Posted by aw...@apache.org.
Merge branch 'cassandra-2.1' into cassandra-2.2
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/08ebe829
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/08ebe829
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/08ebe829
Branch: refs/heads/cassandra-3.0
Commit: 08ebe8297b0ffbfda522036c0f750c4f6cf67e6f
Parents: 1602e60 4bbd28a
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:23:41 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:23:41 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 82da6ad,0c25388..09930ce
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,9 -1,7 +1,13 @@@
-2.1.21
++2.2.13
++Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.1.20
+2.2.12
+ * Fix the inspectJvmOptions startup check (CASSANDRA-14112)
+ * Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
+ * Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
+ * Grab refs during scrub/index redistribution/cleanup (CASSANDRA-13873)
+Merged from 2.1:
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
* RPM package spec: fix permissions for installed jars and config files (CASSANDRA-14181)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[13/15] cassandra git commit: Merge branch 'cassandra-3.0' into
cassandra-3.11
Posted by aw...@apache.org.
Merge branch 'cassandra-3.0' into cassandra-3.11
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/630c18eb
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/630c18eb
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/630c18eb
Branch: refs/heads/cassandra-3.11
Commit: 630c18eb38379a03d3766bb2be5835b1c78c66be
Parents: 1d506f9 2461187
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:36:30 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:36:30 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/630c18eb/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index e2ccc53,bbbca08..fdf045d
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,32 -1,14 +1,36 @@@
-3.0.17
-Merged from 2.1:
++3.11.3
++Merged from 2.1
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-3.0.16
- * Fix unit test failures in ViewComplexTest (CASSANDRA-14219)
- * Add MinGW uname check to start scripts (CASSANDRA-12940)
- * Protect against overflow of local expiration time (CASSANDRA-14092)
+3.11.2
+ * Fix ReadCommandTest (CASSANDRA-14234)
+ * Remove trailing period from latency reports at keyspace level (CASSANDRA-14233)
+ * Backport CASSANDRA-13080: Use new token allocation for non bootstrap case as well (CASSANDRA-14212)
+ * Remove dependencies on JVM internal classes from JMXServerUtils (CASSANDRA-14173)
+ * Add DEFAULT, UNSET, MBEAN and MBEANS to `ReservedKeywords` (CASSANDRA-14205)
+ * Add Unittest for schema migration fix (CASSANDRA-14140)
+ * Print correct snitch info from nodetool describecluster (CASSANDRA-13528)
+ * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
+ * Enable CDC unittest (CASSANDRA-14141)
+ * Acquire read lock before accessing CompactionStrategyManager fields (CASSANDRA-14139)
+ * Split CommitLogStressTest to avoid timeout (CASSANDRA-14143)
+ * Avoid invalidating disk boundaries unnecessarily (CASSANDRA-14083)
+ * Avoid exposing compaction strategy index externally (CASSANDRA-14082)
+ * Prevent continuous schema exchange between 3.0 and 3.11 nodes (CASSANDRA-14109)
+ * Fix imbalanced disks when replacing node with same address with JBOD (CASSANDRA-14084)
+ * Reload compaction strategies when disk boundaries are invalidated (CASSANDRA-13948)
+ * Remove OpenJDK log warning (CASSANDRA-13916)
+ * Prevent compaction strategies from looping indefinitely (CASSANDRA-14079)
+ * Cache disk boundaries (CASSANDRA-13215)
+ * Add asm jar to build.xml for maven builds (CASSANDRA-11193)
+ * Round buffer size to powers of 2 for the chunk cache (CASSANDRA-13897)
+ * Update jackson JSON jars (CASSANDRA-13949)
+ * Avoid locks when checking LCS fanout and if we should defrag (CASSANDRA-13930)
+ * Correctly count range tombstones in traces and tombstone thresholds (CASSANDRA-8527)
+Merged from 3.0:
+ * Add MinGW uname check to start scripts (CASSANDRA-12840)
* Use the correct digest file and reload sstable metadata in nodetool verify (CASSANDRA-14217)
* Handle failure when mutating repaired status in Verifier (CASSANDRA-13933)
- * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
* Set encoding for javadoc generation (CASSANDRA-14154)
* Fix index target computation for dense composite tables with dropped compact storage (CASSANDRA-14104)
* Improve commit log chain marker updating (CASSANDRA-14108)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/630c18eb/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[04/15] cassandra git commit: CVE-2017-5929 Security vulnerability in
Logback warning in NEWS.txt
Posted by aw...@apache.org.
CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
Patch by Ariel Weisberg; Reviewed by Jason Brown for CASSANDRA-14183
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4bbd28a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4bbd28a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4bbd28a0
Branch: refs/heads/cassandra-3.0
Commit: 4bbd28a043f15dd6c19de157acb5950319e8c16c
Parents: b294943
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 11:55:00 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 11:55:00 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 3 +++
NEWS.txt | 9 +++++++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 9332354..0c25388 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,6 @@
+2.1.21
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
2.1.20
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index fb6b4ee..232f3cd 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -18,6 +18,15 @@ CASSANDRA-14092.txt file.
If you use or plan to use very large TTLS (10 to 20 years), read CASSANDRA-14092.txt
for more information.
+PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
+------------------------------------------------------------------
+QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
+SocketServer and ServerSocketReceiver components.
+
+Logback has not been upgraded to avoid breaking deployments and customizations
+based on older versions. If you are using vulnerable components you will need
+to upgrade to a newer version of Logback or stop using the vulnerable components.
+
GENERAL UPGRADING ADVICE FOR ANY VERSION
========================================
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[12/15] cassandra git commit: Merge branch 'cassandra-2.2' into
cassandra-3.0
Posted by aw...@apache.org.
Merge branch 'cassandra-2.2' into cassandra-3.0
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/2461187c
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/2461187c
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/2461187c
Branch: refs/heads/cassandra-3.0
Commit: 2461187c0e82d047e143f059124a6dc740ee853f
Parents: 890f319 08ebe82
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:29:17 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:32:59 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/2461187c/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 90bd53f,09930ce..bbbca08
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,32 -1,8 +1,36 @@@
-2.2.13
++3.0.17
+ Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.2.12
+3.0.16
+ * Fix unit test failures in ViewComplexTest (CASSANDRA-14219)
+ * Add MinGW uname check to start scripts (CASSANDRA-12940)
+ * Protect against overflow of local expiration time (CASSANDRA-14092)
+ * Use the correct digest file and reload sstable metadata in nodetool verify (CASSANDRA-14217)
+ * Handle failure when mutating repaired status in Verifier (CASSANDRA-13933)
+ * Close socket on error during connect on OutboundTcpConnection (CASSANDRA-9630)
+ * Set encoding for javadoc generation (CASSANDRA-14154)
+ * Fix index target computation for dense composite tables with dropped compact storage (CASSANDRA-14104)
+ * Improve commit log chain marker updating (CASSANDRA-14108)
+ * Extra range tombstone bound creates double rows (CASSANDRA-14008)
+ * Fix SStable ordering by max timestamp in SinglePartitionReadCommand (CASSANDRA-14010)
+ * Accept role names containing forward-slash (CASSANDRA-14088)
+ * Optimize CRC check chance probability calculations (CASSANDRA-14094)
+ * Fix cleanup on keyspace with no replicas (CASSANDRA-13526)
+ * Fix updating base table rows with TTL not removing materialized view entries (CASSANDRA-14071)
+ * Reduce garbage created by DynamicSnitch (CASSANDRA-14091)
+ * More frequent commitlog chained markers (CASSANDRA-13987)
+ * Fix serialized size of DataLimits (CASSANDRA-14057)
+ * Add flag to allow dropping oversized read repair mutations (CASSANDRA-13975)
+ * Fix SSTableLoader logger message (CASSANDRA-14003)
+ * Fix repair race that caused gossip to block (CASSANDRA-13849)
+ * Tracing interferes with digest requests when using RandomPartitioner (CASSANDRA-13964)
+ * Add flag to disable materialized views, and warnings on creation (CASSANDRA-13959)
+ * Don't let user drop or generally break tables in system_distributed (CASSANDRA-13813)
+ * Provide a JMX call to sync schema with local storage (CASSANDRA-13954)
+ * Mishandling of cells for removed/dropped columns when reading legacy files (CASSANDRA-13939)
+ * Deserialise sstable metadata in nodetool verify (CASSANDRA-13922)
+Merged from 2.2:
* Fix the inspectJvmOptions startup check (CASSANDRA-14112)
* Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
* Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/2461187c/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[06/15] cassandra git commit: Merge branch 'cassandra-2.1' into
cassandra-2.2
Posted by aw...@apache.org.
Merge branch 'cassandra-2.1' into cassandra-2.2
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/08ebe829
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/08ebe829
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/08ebe829
Branch: refs/heads/trunk
Commit: 08ebe8297b0ffbfda522036c0f750c4f6cf67e6f
Parents: 1602e60 4bbd28a
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:23:41 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:23:41 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 82da6ad,0c25388..09930ce
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,9 -1,7 +1,13 @@@
-2.1.21
++2.2.13
++Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.1.20
+2.2.12
+ * Fix the inspectJvmOptions startup check (CASSANDRA-14112)
+ * Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
+ * Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
+ * Grab refs during scrub/index redistribution/cleanup (CASSANDRA-13873)
+Merged from 2.1:
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
* RPM package spec: fix permissions for installed jars and config files (CASSANDRA-14181)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[07/15] cassandra git commit: Merge branch 'cassandra-2.1' into
cassandra-2.2
Posted by aw...@apache.org.
Merge branch 'cassandra-2.1' into cassandra-2.2
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/08ebe829
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/08ebe829
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/08ebe829
Branch: refs/heads/cassandra-2.2
Commit: 08ebe8297b0ffbfda522036c0f750c4f6cf67e6f
Parents: 1602e60 4bbd28a
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 13:23:41 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 13:23:41 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 4 ++++
NEWS.txt | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 82da6ad,0c25388..09930ce
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,9 -1,7 +1,13 @@@
-2.1.21
++2.2.13
++Merged from 2.1:
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
-2.1.20
+2.2.12
+ * Fix the inspectJvmOptions startup check (CASSANDRA-14112)
+ * Fix race that prevents submitting compaction for a table when executor is full (CASSANDRA-13801)
+ * Rely on the JVM to handle OutOfMemoryErrors (CASSANDRA-13006)
+ * Grab refs during scrub/index redistribution/cleanup (CASSANDRA-13873)
+Merged from 2.1:
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
* RPM package spec: fix permissions for installed jars and config files (CASSANDRA-14181)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/08ebe829/NEWS.txt
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[03/15] cassandra git commit: CVE-2017-5929 Security vulnerability in
Logback warning in NEWS.txt
Posted by aw...@apache.org.
CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
Patch by Ariel Weisberg; Reviewed by Jason Brown for CASSANDRA-14183
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4bbd28a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4bbd28a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4bbd28a0
Branch: refs/heads/trunk
Commit: 4bbd28a043f15dd6c19de157acb5950319e8c16c
Parents: b294943
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 11:55:00 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 11:55:00 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 3 +++
NEWS.txt | 9 +++++++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 9332354..0c25388 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,6 @@
+2.1.21
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
2.1.20
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index fb6b4ee..232f3cd 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -18,6 +18,15 @@ CASSANDRA-14092.txt file.
If you use or plan to use very large TTLS (10 to 20 years), read CASSANDRA-14092.txt
for more information.
+PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
+------------------------------------------------------------------
+QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
+SocketServer and ServerSocketReceiver components.
+
+Logback has not been upgraded to avoid breaking deployments and customizations
+based on older versions. If you are using vulnerable components you will need
+to upgrade to a newer version of Logback or stop using the vulnerable components.
+
GENERAL UPGRADING ADVICE FOR ANY VERSION
========================================
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[05/15] cassandra git commit: CVE-2017-5929 Security vulnerability in
Logback warning in NEWS.txt
Posted by aw...@apache.org.
CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
Patch by Ariel Weisberg; Reviewed by Jason Brown for CASSANDRA-14183
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4bbd28a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4bbd28a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4bbd28a0
Branch: refs/heads/cassandra-3.11
Commit: 4bbd28a043f15dd6c19de157acb5950319e8c16c
Parents: b294943
Author: Ariel Weisberg <aw...@apple.com>
Authored: Wed Feb 14 11:55:00 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 11:55:00 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 3 +++
NEWS.txt | 9 +++++++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 9332354..0c25388 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,6 @@
+2.1.21
+ * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt (CASSANDRA-14183)
+
2.1.20
* Protect against overflow of local expiration time (CASSANDRA-14092)
* More PEP8 compliance for cqlsh (CASSANDRA-14021)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/4bbd28a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index fb6b4ee..232f3cd 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -18,6 +18,15 @@ CASSANDRA-14092.txt file.
If you use or plan to use very large TTLS (10 to 20 years), read CASSANDRA-14092.txt
for more information.
+PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
+------------------------------------------------------------------
+QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
+SocketServer and ServerSocketReceiver components.
+
+Logback has not been upgraded to avoid breaking deployments and customizations
+based on older versions. If you are using vulnerable components you will need
+to upgrade to a newer version of Logback or stop using the vulnerable components.
+
GENERAL UPGRADING ADVICE FOR ANY VERSION
========================================
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org