Posted to commits@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/11/20 06:05:07 UTC

[GitHub] [rocketmq] pen4 opened a new pull request, #5547: fix(sec): upgrade com.alibaba:fastjson to 1.2.83

pen4 opened a new pull request, #5547:
URL: https://github.com/apache/rocketmq/pull/5547

   ### What happened?
   There is 1 security vulnerability found in com.alibaba:fastjson 1.2.69_noneautotype
   - [CVE-2022-25845](https://www.oscs1024.com/hd/CVE-2022-25845)
   
   
   ### What did I do?
   Upgrade com.alibaba:fastjson from 1.2.69_noneautotype to 1.2.83 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS
   Signed-off-by: pen4 <94...@qq.com>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [rocketmq] codecov-commenter commented on pull request #5547: fix(sec): upgrade com.alibaba:fastjson to 1.2.83

Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #5547:
URL: https://github.com/apache/rocketmq/pull/5547#issuecomment-1321065645

   # [Codecov](https://codecov.io/gh/apache/rocketmq/pull/5547?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > Merging [#5547](https://codecov.io/gh/apache/rocketmq/pull/5547?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (5a338ca) into [develop](https://codecov.io/gh/apache/rocketmq/commit/da5a5b62927d041ad858bc4dd973e1bf68abcb1b?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (da5a5b6) will **not change** coverage.
   > The diff coverage is `100.00%`.
   
   ```diff
   @@            Coverage Diff             @@
   ##             develop    #5547   +/-   ##
   ==========================================
     Coverage      42.71%   42.71%           
   - Complexity      8031     8033    +2     
   ==========================================
     Files           1031     1031           
     Lines          72743    72743           
     Branches        9614     9614           
   ==========================================
     Hits           31073    31073           
   + Misses         37734    37731    -3     
   - Partials        3936     3939    +3     
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/rocketmq/pull/5547?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
   |---|---|---|
   | [...he/rocketmq/controller/impl/DLedgerController.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Y29udHJvbGxlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcm9ja2V0bXEvY29udHJvbGxlci9pbXBsL0RMZWRnZXJDb250cm9sbGVyLmphdmE=) | `66.49% <100.00%> (ø)` | |
   | [...org/apache/rocketmq/store/ha/WaitNotifyObject.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3RvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3N0b3JlL2hhL1dhaXROb3RpZnlPYmplY3QuamF2YQ==) | `80.35% <0.00%> (-5.36%)` | :arrow_down: |
   | [...tmq/remoting/protocol/body/ConsumerConnection.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cmVtb3Rpbmcvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3JlbW90aW5nL3Byb3RvY29sL2JvZHkvQ29uc3VtZXJDb25uZWN0aW9uLmphdmE=) | `95.83% <0.00%> (-4.17%)` | :arrow_down: |
   | [...cketmq/broker/schedule/ScheduleMessageService.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YnJva2VyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9icm9rZXIvc2NoZWR1bGUvU2NoZWR1bGVNZXNzYWdlU2VydmljZS5qYXZh) | `56.91% <0.00%> (-1.14%)` | :arrow_down: |
   | [...che/rocketmq/acl/plain/PlainPermissionManager.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YWNsL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9hY2wvcGxhaW4vUGxhaW5QZXJtaXNzaW9uTWFuYWdlci5qYXZh) | `78.22% <0.00%> (-0.54%)` | :arrow_down: |
   | [...cketmq/store/ha/autoswitch/AutoSwitchHAClient.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3RvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3N0b3JlL2hhL2F1dG9zd2l0Y2gvQXV0b1N3aXRjaEhBQ2xpZW50LmphdmE=) | `75.92% <0.00%> (-0.38%)` | :arrow_down: |
   | [...mq/store/ha/autoswitch/AutoSwitchHAConnection.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3RvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3N0b3JlL2hhL2F1dG9zd2l0Y2gvQXV0b1N3aXRjaEhBQ29ubmVjdGlvbi5qYXZh) | `71.35% <0.00%> (-0.28%)` | :arrow_down: |
   | [...mq/client/impl/producer/DefaultMQProducerImpl.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Y2xpZW50L3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9yb2NrZXRtcS9jbGllbnQvaW1wbC9wcm9kdWNlci9EZWZhdWx0TVFQcm9kdWNlckltcGwuamF2YQ==) | `46.17% <0.00%> (-0.25%)` | :arrow_down: |
   | [.../org/apache/rocketmq/proxy/config/ProxyConfig.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cHJveHkvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3Byb3h5L2NvbmZpZy9Qcm94eUNvbmZpZy5qYXZh) | `46.92% <0.00%> (ø)` | |
   | [...main/java/org/apache/rocketmq/store/CommitLog.java](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3RvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3JvY2tldG1xL3N0b3JlL0NvbW1pdExvZy5qYXZh) | `65.49% <0.00%> (+0.10%)` | :arrow_up: |
   | ... and [5 more](https://codecov.io/gh/apache/rocketmq/pull/5547/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
   
   




[GitHub] [rocketmq] hzh0425 merged pull request #5547: fix(sec): upgrade com.alibaba:fastjson to 1.2.83

Posted by GitBox <gi...@apache.org>.
hzh0425 merged PR #5547:
URL: https://github.com/apache/rocketmq/pull/5547

