Posted to commits@cassandra.apache.org by br...@apache.org on 2022/12/05 16:11:23 UTC
[cassandra] 01/01: Merge branch 'cassandra-3.11' into cassandra-4.0
This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit c2bbee2020af7b07eb478c10df21a8d081ec6a7e
Merge: bba7ab3eca b7762e2aa2
Author: Brandon Williams <br...@apache.org>
AuthorDate: Mon Dec 5 10:06:17 2022 -0600
Merge branch 'cassandra-3.11' into cassandra-4.0
.build/dependency-check-suppressions.xml | 1 +
CHANGES.txt | 1 +
2 files changed, 2 insertions(+)
diff --cc .build/dependency-check-suppressions.xml
index c833fd252b,d2ee33617d..481d8d0b3f
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -37,20 -29,16 +37,21 @@@
<cve>CVE-2022-38750</cve>
<cve>CVE-2022-38751</cve>
<cve>CVE-2022-38752</cve>
+ <cve>CVE-2022-41854</cve>
</suppress>
-
- <!-- https://issues.apache.org/jira/browse/CASSANDRA-15417 -->
+ <suppress>
+ <!-- dependency checker identified this as a completely different package (wire) -->
+ <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl>
+ <cpe>cpe:/a:wire:wire</cpe>
+ </suppress>
+ <suppress>
+ <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->
+ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2020-8908</cve>
+ </suppress>
+ <!-- netty's http stuff is not applicable here -->
<suppress>
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
- <cve>CVE-2019-16869</cve>
- <cve>CVE-2019-20444</cve>
- <cve>CVE-2019-20445</cve>
- <cve>CVE-2020-7238</cve>
<cve>CVE-2021-21290</cve>
<cve>CVE-2021-21295</cve>
<cve>CVE-2021-21409</cve>
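Review bot: The added `<cve>CVE-2022-41854</cve>` line and the new guava block for CVE-2020-8908 suppress findings without recording why they do not apply: the first has no comment in the visible lines, and the second says only "not applicable" next to an NVD link. Add a one-line reason to each, naming the code path that is unused (as the netty comment does with "netty's http stuff is not applicable here"), and the tracking ticket, so a later audit can re-check the decision. The `packageUrl` patterns in this hunk all end in `@.*$`, so each suppression keeps applying after the dependency is upgraded; consider the `until` attribute on `<suppress>` or a version-bounded pattern to force a periodic re-review. The chronicle-wire block is a good model here, since it states the false-positive cause (the checker matched a different package) inside the element.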
diff --cc CHANGES.txt
index de9e6f07cf,4223a5cd8d..fc0d9fb2c6
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,24 -1,12 +1,25 @@@
-3.11.15
+4.0.8
+ * Harden parsing of boolean values in CQL in PropertyDefinitions (CASSANDRA-17878)
+ * Fix error message about type hints (CASSANDRA-17915)
+ * Fix possible race condition on repair snapshots (CASSANDRA-17955)
+ * Fix ASM bytecode version inconsistency (CASSANDRA-17873)
+Merged from 3.11:
* Fix Splitter sometimes creating more splits than requested (CASSANDRA-18013)
-
Merged from 3.0:
+ * Suppress CVE-2022-41854 and similar (CASSANDRA-18083)
* Fix running Ant rat targets without git (CASSANDRA-17974)
-
-3.11.14
+4.0.7
+ * Remove empty cq4 files in log directory to not fail the startup of BinLog (CASSANDRA-17933)
+ * Fix multiple BufferPool bugs (CASSANDRA-16681)
+ * Fix StorageService.getNativeaddress handling of IPv6 addresses (CASSANDRA-17945)
+ * Mitigate direct buffer memory OOM on replacements (CASSANDRA-17895)
+ * Fix repair failure on assertion if two peers have overlapping mismatching ranges (CASSANDRA-17900)
+ * Better handle null state in Gossip schema migration to avoid NPE (CASSANDRA-17864)
+ * HintedHandoffAddRemoveNodesTest now accounts for the fact that StorageMetrics.totalHints is not updated synchronously w/ writes (CASSANDRA-16679)
+ * Avoid getting hanging repairs due to repair message timeouts (CASSANDRA-17613)
+ * Prevent infinite loop in repair coordinator on FailSession (CASSANDRA-17834)
+Merged from 3.11:
* Suppress CVE-2022-42003 and CVE-2022-42004 (CASSANDRA-17966)
* Make LongBufferPoolTest insensitive to timing (CASSANDRA-16681)
* Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)
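Review bot: The entry `Suppress CVE-2022-41854 and similar (CASSANDRA-18083)` under 4.0.8 does not say which dependency is affected or which other CVEs "and similar" covers. The neighbouring suppression entries name either the full CVE list (CVE-2022-42003 and CVE-2022-42004) or the library (snakeyaml); follow the same pattern so that someone searching CHANGES.txt for a CVE id or a library name can see that it was suppressed rather than fixed.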