You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/20 14:36:35 UTC

[GitHub] [pulsar] tisonkun opened a new pull request, #16148: [security] Update fastjson version to 1.2.83

tisonkun opened a new pull request, #16148:
URL: https://github.com/apache/pulsar/pull/16148

   This PR is related to #16110.
   
   ### Motivation
   
   Fixes CVE-2022-25845.
   
   ### Modifications
   
   Update fastjson version to 1.2.83
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   
   ### Does this pull request potentially affect one of the following parts:
   
   *If `yes` was chosen, please highlight the changes*
   
     - Dependencies (does it add or upgrade a dependency): (yes)
   
   To fix CVE-2022-25845. It's a patch version bump, which should be safe to apply.
   
     - The public API: (yes / no)
     - The schema: (yes / no / don't know)
     - The default values of configurations: (yes / no)
     - The wire protocol: (yes / no)
     - The rest endpoints: (yes / no)
     - The admin cli options: (yes / no)
     - Anything that affects deployment: (yes / no / don't know)
   
   ### Documentation
   
   Check the box below or label this PR directly.
   
   Need to update docs? 
   
   - [ ] `doc-required` 
   (Your PR needs to update docs and you will update later)
     
   - [x] `doc-not-needed` 
   (Please explain why)
     
   - [ ] `doc` 
   (Your PR contains doc changes)
   
   - [ ] `doc-complete`
   (Docs have been already added)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] tisonkun commented on pull request #16148: [security] Update fastjson version to 1.2.83

Posted by GitBox <gi...@apache.org>.

tisonkun commented on PR #16148:
URL: https://github.com/apache/pulsar/pull/16148#issuecomment-1161301714

   Thanks for your review!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nicoloboschi merged pull request #16148: [security] Update fastjson version to 1.2.83

Posted by GitBox <gi...@apache.org>.

nicoloboschi merged PR #16148:
URL: https://github.com/apache/pulsar/pull/16148


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] tisonkun commented on pull request #16148: [security] Update fastjson version to 1.2.83

Posted by GitBox <gi...@apache.org>.

tisonkun commented on PR #16148:
URL: https://github.com/apache/pulsar/pull/16148#issuecomment-1160526237

   cc @lhotari @nicoloboschi 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] tisonkun commented on pull request #16148: [security] Update fastjson version to 1.2.83

Posted by GitBox <gi...@apache.org>.

tisonkun commented on PR #16148:
URL: https://github.com/apache/pulsar/pull/16148#issuecomment-1161071831

   @nicoloboschi @codelipenghui could you merge this PR or #16110 first? They're logically as a whole and block my initial PR #16109. IIUC we should merge this PR and #16110 first and review #16109, decide whether to accept #16109.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org