Posted to notifications@linkis.apache.org by GitBox <gi...@apache.org> on 2022/07/13 05:17:08 UTC
[GitHub] [incubator-linkis] duhanmin opened a new pull request, #2462: [ISSUE-2395]SynchronossPartHttpMessageReader should only create temp directory when needed/CVE-2022-2296
duhanmin opened a new pull request, #2462:
URL: https://github.com/apache/incubator-linkis/pull/2462
https://github.com/spring-projects/spring-framework/issues/27092
1. SynchronossPartHttpMessageReader should only create temp directory when needed
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
2. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
### Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): (yes)
https://github.com/apache/incubator-linkis/issues/2395
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] jackxu2011 commented on pull request #2462: [ISSUE-2395]SynchronossPartHttpMessageReader should only create temp directory when needed/CVE-2022-2296
Posted by GitBox <gi...@apache.org>.
jackxu2011 commented on PR #2462:
URL: https://github.com/apache/incubator-linkis/pull/2462#issuecomment-1182790256
LGTM
[GitHub] [incubator-linkis] codecov[bot] commented on pull request #2462: [ISSUE-2395]SynchronossPartHttpMessageReader should only create temp directory when needed/CVE-2022-2296
Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #2462:
URL: https://github.com/apache/incubator-linkis/pull/2462#issuecomment-1182786511
# [Codecov](https://codecov.io/gh/apache/incubator-linkis/pull/2462?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#2462](https://codecov.io/gh/apache/incubator-linkis/pull/2462?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (1b58238) into [dev-1.2.0](https://codecov.io/gh/apache/incubator-linkis/commit/b4627300e2dc80ff3031a5d8140cb34c26941cba?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (b462730) will **decrease** coverage by `1.23%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## dev-1.2.0 #2462 +/- ##
===============================================
- Coverage 17.83% 16.59% -1.24%
- Complexity 1077 1103 +26
===============================================
Files 595 636 +41
Lines 17667 19520 +1853
Branches 2635 2769 +134
===============================================
+ Hits 3151 3240 +89
- Misses 14092 15843 +1751
- Partials 424 437 +13
```
| [Impacted Files](https://codecov.io/gh/apache/incubator-linkis/pull/2462?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...apache/linkis/scheduler/future/BDPFutureTask.scala](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLXNjaGVkdWxlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2xpbmtpcy9zY2hlZHVsZXIvZnV0dXJlL0JEUEZ1dHVyZVRhc2suc2NhbGE=) | `70.00% <0.00%> (-5.00%)` | :arrow_down: |
| [...s/scheduler/queue/fifoqueue/FIFOUserConsumer.scala](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLXNjaGVkdWxlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2xpbmtpcy9zY2hlZHVsZXIvcXVldWUvZmlmb3F1ZXVlL0ZJRk9Vc2VyQ29uc3VtZXIuc2NhbGE=) | `35.55% <0.00%> (-2.23%)` | :arrow_down: |
| [...org/apache/linkis/common/utils/VariableUtils.scala](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLWNvbW1vbi9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2xpbmtpcy9jb21tb24vdXRpbHMvVmFyaWFibGVVdGlscy5zY2FsYQ==) | `59.77% <0.00%> (-0.35%)` | :arrow_down: |
| [...n/java/org/apache/linkis/common/utils/DESUtil.java](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLWNvbW1vbi9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvbGlua2lzL2NvbW1vbi91dGlscy9ERVNVdGlsLmphdmE=) | `0.00% <0.00%> (ø)` | |
| [...a/org/apache/linkis/scheduler/event/LogEvent.scala](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLXNjaGVkdWxlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2xpbmtpcy9zY2hlZHVsZXIvZXZlbnQvTG9nRXZlbnQuc2NhbGE=) | `50.00% <0.00%> (ø)` | |
| [...ache/linkis/common/listener/ListenerEventBus.scala](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLWNvbW1vbi9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2xpbmtpcy9jb21tb24vbGlzdGVuZXIvTGlzdGVuZXJFdmVudEJ1cy5zY2FsYQ==) | `0.00% <0.00%> (ø)` | |
| [.../apache/linkis/jobhistory/cache/utils/MD5Util.java](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLXB1YmxpYy1lbmhhbmNlbWVudHMvbGlua2lzLXB1YmxpY3NlcnZpY2UvbGlua2lzLWpvYmhpc3Rvcnkvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2xpbmtpcy9qb2JoaXN0b3J5L2NhY2hlL3V0aWxzL01ENVV0aWwuamF2YQ==) | `0.00% <0.00%> (ø)` | |
| [.../org/apache/linkis/bml/common/ExecutorManager.java](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLXB1YmxpYy1lbmhhbmNlbWVudHMvbGlua2lzLWJtbC9saW5raXMtYm1sLXNlcnZlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvbGlua2lzL2JtbC9jb21tb24vRXhlY3V0b3JNYW5hZ2VyLmphdmE=) | `0.00% <0.00%> (ø)` | |
| [.../bml/service/impl/BmlShareResourceServiceImpl.java](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLXB1YmxpYy1lbmhhbmNlbWVudHMvbGlua2lzLWJtbC9saW5raXMtYm1sLXNlcnZlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvbGlua2lzL2JtbC9zZXJ2aWNlL2ltcGwvQm1sU2hhcmVSZXNvdXJjZVNlcnZpY2VJbXBsLmphdmE=) | `0.00% <0.00%> (ø)` | |
| [...va/org/apache/linkis/bml/Entity/DownloadModel.java](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLXB1YmxpYy1lbmhhbmNlbWVudHMvbGlua2lzLWJtbC9saW5raXMtYm1sLXNlcnZlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvbGlua2lzL2JtbC9FbnRpdHkvRG93bmxvYWRNb2RlbC5qYXZh) | `0.00% <0.00%> (ø)` | |
| ... and [43 more](https://codecov.io/gh/apache/incubator-linkis/pull/2462/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-linkis/pull/2462?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-linkis/pull/2462?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [b462730...1b58238](https://codecov.io/gh/apache/incubator-linkis/pull/2462?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
[GitHub] [incubator-linkis] casionone merged pull request #2462: [ISSUE-2395]SynchronossPartHttpMessageReader should only create temp directory when needed/CVE-2022-2296
Posted by GitBox <gi...@apache.org>.
casionone merged PR #2462:
URL: https://github.com/apache/incubator-linkis/pull/2462
[GitHub] [incubator-linkis] casionone commented on pull request #2462: [ISSUE-2395]SynchronossPartHttpMessageReader should only create temp directory when needed/CVE-2022-2296
Posted by GitBox <gi...@apache.org>.
casionone commented on PR #2462:
URL: https://github.com/apache/incubator-linkis/pull/2462#issuecomment-1183916422
LGTM