You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by "lhotari (via GitHub)" <gi...@apache.org> on 2023/10/19 05:43:01 UTC

[PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]

lhotari opened a new pull request, #21395:
URL: https://github.com/apache/pulsar/pull/21395

   ### Motivation
   
   OWASP dependency check reports CVE-2023-44487 for Jetty (and also Netty).
   
   ### Modifications
   
   Upgrade Jetty to 9.4.53.
   
   ### Documentation
   
   <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
   
   - [ ] `doc` <!-- Your PR contains doc changes. -->
   - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later -->
   - [x] `doc-not-needed` <!-- Your PR changes do not impact docs -->
   - [ ] `doc-complete` <!-- Docs have been already added -->


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]

Posted by "lhotari (via GitHub)" <gi...@apache.org>.

lhotari commented on PR #21395:
URL: https://github.com/apache/pulsar/pull/21395#issuecomment-1781394955

   > Can this be marked/labeled cherry-picked/branch-3.1?
   
   @compuguy cherry picked to [branch-3.1](https://github.com/apache/pulsar/commits/branch-3.1) . 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]

Posted by "Technoboy- (via GitHub)" <gi...@apache.org>.

Technoboy- merged PR #21395:
URL: https://github.com/apache/pulsar/pull/21395


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]

Posted by "compuguy (via GitHub)" <gi...@apache.org>.

compuguy commented on PR #21395:
URL: https://github.com/apache/pulsar/pull/21395#issuecomment-1781345815

   Can this be marked/labeled cherry-picked/branch-3.1?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]

Posted by "codecov-commenter (via GitHub)" <gi...@apache.org>.

codecov-commenter commented on PR #21395:
URL: https://github.com/apache/pulsar/pull/21395#issuecomment-1770221670

   ## [Codecov](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) Report
   > Merging [#21395](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (9c222a4) into [master](https://app.codecov.io/gh/apache/pulsar/commit/b1bca5609d254734ccca63b616eba33ce3a8b70b?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (b1bca56) will **decrease** coverage by `0.01%`.
   > Report is 5 commits behind head on master.
   > The diff coverage is `100.00%`.
   
   [![Impacted file tree graph](https://app.codecov.io/gh/apache/pulsar/pull/21395/graphs/tree.svg?width=650&height=150&src=pr&token=acYqCpsK9J&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
   
   ```diff
   @@             Coverage Diff              @@
   ##             master   #21395      +/-   ##
   ============================================
   - Coverage     73.27%   73.27%   -0.01%     
   + Complexity    32581    32568      -13     
   ============================================
     Files          1888     1888              
     Lines        140282   140279       -3     
     Branches      15415    15416       +1     
   ============================================
   - Hits         102790   102784       -6     
   + Misses        29415    29406       -9     
   - Partials       8077     8089      +12     
   ```
   
   | [Flag](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
   |---|---|---|
   | [inttests](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `24.19% <50.00%> (+0.02%)` | :arrow_up: |
   | [systests](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `24.73% <0.00%> (+0.01%)` | :arrow_up: |
   | [unittests](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `72.56% <100.00%> (-0.02%)` | :arrow_down: |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   | [Files](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
   |---|---|---|
   | [...sar/broker/service/persistent/PersistentTopic.java](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#diff-cHVsc2FyLWJyb2tlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcHVsc2FyL2Jyb2tlci9zZXJ2aWNlL3BlcnNpc3RlbnQvUGVyc2lzdGVudFRvcGljLmphdmE=) | `79.49% <100.00%> (+0.20%)` | :arrow_up: |
   
   ... and [65 files with indirect coverage changes](https://app.codecov.io/gh/apache/pulsar/pull/21395/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org