Posted to commits@pulsar.apache.org by "lhotari (via GitHub)" <gi...@apache.org> on 2023/10/19 05:43:01 UTC
[PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]
lhotari opened a new pull request, #21395:
URL: https://github.com/apache/pulsar/pull/21395
### Motivation
OWASP dependency check reports CVE-2023-44487 for Jetty (and also Netty).
### Modifications
Upgrade Jetty to 9.4.53.
### Documentation
<!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
- [ ] `doc` <!-- Your PR contains doc changes. -->
- [ ] `doc-required` <!-- Your PR changes impact docs and you will update later -->
- [x] `doc-not-needed` <!-- Your PR changes do not impact docs -->
- [ ] `doc-complete` <!-- Docs have been already added -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]
Posted by "lhotari (via GitHub)" <gi...@apache.org>.
lhotari commented on PR #21395:
URL: https://github.com/apache/pulsar/pull/21395#issuecomment-1781394955
> Can this be marked/labeled cherry-picked/branch-3.1?
@compuguy cherry-picked to [branch-3.1](https://github.com/apache/pulsar/commits/branch-3.1).
Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]
Posted by "Technoboy- (via GitHub)" <gi...@apache.org>.
Technoboy- merged PR #21395:
URL: https://github.com/apache/pulsar/pull/21395
Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]
Posted by "compuguy (via GitHub)" <gi...@apache.org>.
compuguy commented on PR #21395:
URL: https://github.com/apache/pulsar/pull/21395#issuecomment-1781345815
Can this be marked/labeled cherry-picked/branch-3.1?
Re: [PR] [fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 [pulsar]
Posted by "codecov-commenter (via GitHub)" <gi...@apache.org>.
codecov-commenter commented on PR #21395:
URL: https://github.com/apache/pulsar/pull/21395#issuecomment-1770221670
## [Codecov](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) Report
> Merging [#21395](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (9c222a4) into [master](https://app.codecov.io/gh/apache/pulsar/commit/b1bca5609d254734ccca63b616eba33ce3a8b70b?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (b1bca56) will **decrease** coverage by `0.01%`.
> Report is 5 commits behind head on master.
> The diff coverage is `100.00%`.
[![Impacted file tree graph](https://app.codecov.io/gh/apache/pulsar/pull/21395/graphs/tree.svg?width=650&height=150&src=pr&token=acYqCpsK9J&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
```diff
@@ Coverage Diff @@
## master #21395 +/- ##
============================================
- Coverage 73.27% 73.27% -0.01%
+ Complexity 32581 32568 -13
============================================
Files 1888 1888
Lines 140282 140279 -3
Branches 15415 15416 +1
============================================
- Hits 102790 102784 -6
+ Misses 29415 29406 -9
- Partials 8077 8089 +12
```
| [Flag](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
|---|---|---|
| [inttests](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `24.19% <50.00%> (+0.02%)` | :arrow_up: |
| [systests](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `24.73% <0.00%> (+0.01%)` | :arrow_up: |
| [unittests](https://app.codecov.io/gh/apache/pulsar/pull/21395/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `72.56% <100.00%> (-0.02%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Files](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
|---|---|---|
| [...sar/broker/service/persistent/PersistentTopic.java](https://app.codecov.io/gh/apache/pulsar/pull/21395?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#diff-cHVsc2FyLWJyb2tlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcHVsc2FyL2Jyb2tlci9zZXJ2aWNlL3BlcnNpc3RlbnQvUGVyc2lzdGVudFRvcGljLmphdmE=) | `79.49% <100.00%> (+0.20%)` | :arrow_up: |
... and [65 files with indirect coverage changes](https://app.codecov.io/gh/apache/pulsar/pull/21395/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)