Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/09/07 03:37:57 UTC

[GitHub] [pulsar] wolfstudy opened a new pull request #7994: [Security] Upgrade the snakeyaml version to 1.26

wolfstudy opened a new pull request #7994:
URL: https://github.com/apache/pulsar/pull/7994


   Signed-off-by: xiaolong.ran <rx...@apache.org>
   
   
   Fixes #7928
   
   ### Motivation
   
   As https://nvd.nist.gov/vuln/detail/CVE-2017-18640 said, the `snakeyaml` < 1.26
   
   ### Modifications
   
   In `pulsar-functions` model:
   
   - The `snakeyaml` 1.19 appears to be included from the dependency on org.apache.pulsar:pulsar-functions-secrets:jar:2.6.1, based on the included dependency of io.kubernetes:client-java-api:jar:2.0.0:compile. Fixed in 9.0.2.
   
   - The `snakeyaml` 1.16 appears to be included from the dependency on org.apache.pulsar:pulsar-functions-instance:jar:2.6.1, based on io.prometheus.jmx:collector:jar:0.12.0. Fixed in 0.13.0.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar] wolfstudy commented on pull request #7994: [Security] Upgrade the snakeyaml version to 1.26

Posted by GitBox <gi...@apache.org>.
wolfstudy commented on pull request #7994:
URL: https://github.com/apache/pulsar/pull/7994#issuecomment-688179264


   /pulsarbot run-failure-checks





[GitHub] [pulsar] wolfstudy commented on pull request #7994: [Security] Upgrade the snakeyaml version to 1.26

Posted by GitBox <gi...@apache.org>.
wolfstudy commented on pull request #7994:
URL: https://github.com/apache/pulsar/pull/7994#issuecomment-688304724


   /pulsarbot run-failure-checks





[GitHub] [pulsar] jiazhai merged pull request #7994: [Security] Upgrade the snakeyaml version to 1.26

Posted by GitBox <gi...@apache.org>.
jiazhai merged pull request #7994:
URL: https://github.com/apache/pulsar/pull/7994


   





[GitHub] [pulsar] wolfstudy commented on pull request #7994: [Security] Upgrade the snakeyaml version to 1.26

Posted by GitBox <gi...@apache.org>.
wolfstudy commented on pull request #7994:
URL: https://github.com/apache/pulsar/pull/7994#issuecomment-688251784


   /pulsarbot run-failure-checks





[GitHub] [pulsar] codelipenghui commented on pull request #7994: [Security] Upgrade the snakeyaml version to 1.26

Posted by GitBox <gi...@apache.org>.
codelipenghui commented on pull request #7994:
URL: https://github.com/apache/pulsar/pull/7994#issuecomment-708216887


   cherry-picked to branch-2.6

