Posted to dev@tinkerpop.apache.org by robertdale <gi...@git.apache.org> on 2018/09/11 12:37:52 UTC
[GitHub] tinkerpop pull request #930: TINKERPOP-2032 bump jython-standalone 2.7.1
GitHub user robertdale opened a pull request:
https://github.com/apache/tinkerpop/pull/930
TINKERPOP-2032 bump jython-standalone 2.7.1
https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451
Overview
org.python:jython-standalone Affected versions of this package are vulnerable to Arbitrary Code Execution by sending a serialized function to the deserializer, which in turn will execute the code.
References
[CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000)
[Jython Bug Report](http://bugs.jython.org/issue2454)
[Fix Commit](https://hg.python.org/jython/rev/d06e29d100c0)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/tinkerpop TINKERPOP-2032
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tinkerpop/pull/930.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #930
----
commit f70d108e0e9cace79565c658e6bac5c7e9f045ba
Author: Robert Dale <ro...@...>
Date: 2018-09-11T12:35:33Z
TINKERPOP-2032 bump jython-standalone 2.7.1
----
---
[GitHub] tinkerpop issue #930: TINKERPOP-2032 bump jython-standalone 2.7.1
Posted by robertdale <gi...@git.apache.org>.
Github user robertdale commented on the issue:
https://github.com/apache/tinkerpop/pull/930
tp33: `docker/build.sh -i -t -n` SUCCESS
master: building...
---
[GitHub] tinkerpop issue #930: TINKERPOP-2032 bump jython-standalone 2.7.1
Posted by robertdale <gi...@git.apache.org>.
Github user robertdale commented on the issue:
https://github.com/apache/tinkerpop/pull/930
master: `docker/build.sh -i -t -n` BUILD SUCCESS
---
[GitHub] tinkerpop issue #930: TINKERPOP-2032 bump jython-standalone 2.7.1
Posted by spmallette <gi...@git.apache.org>.
Github user spmallette commented on the issue:
https://github.com/apache/tinkerpop/pull/930
I felt like I tried this once before and I got all kinda hella build failures... maybe I'm mistaken. Seems to build now. I would try to merge forward to the other branches and see what happens there - assuming it all builds down the line then VOTE +1 - thanks for monitoring this kind of stuff.
---
[GitHub] tinkerpop issue #930: TINKERPOP-2032 bump jython-standalone 2.7.1
Posted by robertdale <gi...@git.apache.org>.
Github user robertdale commented on the issue:
https://github.com/apache/tinkerpop/pull/930
VOTE +1
---
[GitHub] tinkerpop issue #930: TINKERPOP-2032 bump jython-standalone 2.7.1
Posted by robertdale <gi...@git.apache.org>.
Github user robertdale commented on the issue:
https://github.com/apache/tinkerpop/pull/930
Claiming 7-day rule :smile:
---
[GitHub] tinkerpop pull request #930: TINKERPOP-2032 bump jython-standalone 2.7.1
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/tinkerpop/pull/930
---