Posted to commits@cassandra.apache.org by br...@apache.org on 2022/12/05 16:11:22 UTC

[cassandra] branch cassandra-4.0 updated (bba7ab3eca -> c2bbee2020)

This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a change to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git


    from bba7ab3eca Merge branch 'cassandra-3.11' into cassandra-4.0
     new 92019df4d8 Suppress CVE-2022-41854 and similar
     new b7762e2aa2 Merge branch 'cassandra-3.0' into cassandra-3.11
     new c2bbee2020 Merge branch 'cassandra-3.11' into cassandra-4.0

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .build/dependency-check-suppressions.xml | 1 +
 CHANGES.txt                              | 1 +
 2 files changed, 2 insertions(+)


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


[cassandra] 01/01: Merge branch 'cassandra-3.11' into cassandra-4.0

Posted by br...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit c2bbee2020af7b07eb478c10df21a8d081ec6a7e
Merge: bba7ab3eca b7762e2aa2
Author: Brandon Williams <br...@apache.org>
AuthorDate: Mon Dec 5 10:06:17 2022 -0600

    Merge branch 'cassandra-3.11' into cassandra-4.0

 .build/dependency-check-suppressions.xml | 1 +
 CHANGES.txt                              | 1 +
 2 files changed, 2 insertions(+)

diff --cc .build/dependency-check-suppressions.xml
index c833fd252b,d2ee33617d..481d8d0b3f
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -37,20 -29,16 +37,21 @@@
          <cve>CVE-2022-38750</cve>
          <cve>CVE-2022-38751</cve>
          <cve>CVE-2022-38752</cve>
+         <cve>CVE-2022-41854</cve>
      </suppress>
 -
 -    <!-- https://issues.apache.org/jira/browse/CASSANDRA-15417 -->
 +    <suppress>
 +        <!-- dependency checker identified this as a completely different package (wire) -->
 +        <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl>
 +        <cpe>cpe:/a:wire:wire</cpe>
 +    </suppress>
 +    <suppress>
 +        <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->
 +        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
 +        <cve>CVE-2020-8908</cve>
 +    </suppress>
 +    <!-- netty's http stuff is not applicable here -->
      <suppress>
          <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
 -        <cve>CVE-2019-16869</cve>
 -        <cve>CVE-2019-20444</cve>
 -        <cve>CVE-2019-20445</cve>
 -        <cve>CVE-2020-7238</cve>
          <cve>CVE-2021-21290</cve>
          <cve>CVE-2021-21295</cve>
          <cve>CVE-2021-21409</cve>
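Review bot: The added `<cve>CVE-2022-41854</cve>` line carries no statement of why the finding is suppressed, while the other `<suppress>` blocks in this hunk each record a reason ("dependency checker identified this as a completely different package (wire)", "not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908", "netty's http stuff is not applicable here"). Please add a short comment beside the new entry saying why the CVE does not apply to this code base and referencing CASSANDRA-18083, so the suppression can be re-evaluated when the dependency changes. The `packageUrl` patterns visible in this hunk end in `@.*$`; if the block holding the new entry is written the same way, the suppression stays in force for every future version of the artifact, which makes the recorded justification the only prompt for a later re-review.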
diff --cc CHANGES.txt
index de9e6f07cf,4223a5cd8d..fc0d9fb2c6
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,24 -1,12 +1,25 @@@
 -3.11.15
 +4.0.8
 + * Harden parsing of boolean values in CQL in PropertyDefinitions (CASSANDRA-17878)
 + * Fix error message about type hints (CASSANDRA-17915)
 + * Fix possible race condition on repair snapshots (CASSANDRA-17955)
 + * Fix ASM bytecode version inconsistency (CASSANDRA-17873)
 +Merged from 3.11:
   * Fix Splitter sometimes creating more splits than requested (CASSANDRA-18013)
 -
  Merged from 3.0:
+  * Suppress CVE-2022-41854 and similar (CASSANDRA-18083)
   * Fix running Ant rat targets without git (CASSANDRA-17974)
  
 -
 -3.11.14
 +4.0.7
 + * Remove empty cq4 files in log directory to not fail the startup of BinLog (CASSANDRA-17933)
 + * Fix multiple BufferPool bugs (CASSANDRA-16681)
 + * Fix StorageService.getNativeaddress handling of IPv6 addresses (CASSANDRA-17945)
 + * Mitigate direct buffer memory OOM on replacements (CASSANDRA-17895)
 + * Fix repair failure on assertion if two peers have overlapping mismatching ranges (CASSANDRA-17900)
 + * Better handle null state in Gossip schema migration to avoid NPE (CASSANDRA-17864)
 + * HintedHandoffAddRemoveNodesTest now accounts for the fact that StorageMetrics.totalHints is not updated synchronously w/ writes (CASSANDRA-16679)
 + * Avoid getting hanging repairs due to repair message timeouts (CASSANDRA-17613)
 + * Prevent infinite loop in repair coordinator on FailSession (CASSANDRA-17834)
 +Merged from 3.11:
   * Suppress CVE-2022-42003 and CVE-2022-42004 (CASSANDRA-17966)
   * Make LongBufferPoolTest insensitive to timing (CASSANDRA-16681)
   * Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)
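Review bot: The new changelog entry `Suppress CVE-2022-41854 and similar (CASSANDRA-18083)` under "Merged from 3.0:" does not say which dependency is affected or which other CVEs "and similar" covers. The 4.0.7 entry in the same hunk, `Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)`, names the library; following that form here would let a reader of CHANGES.txt tell which scanner findings are now silenced without opening the suppression file.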

