Posted to commits@pulsar.apache.org by "lhotari (via GitHub)" <gi...@apache.org> on 2023/10/19 05:50:11 UTC

[PR] [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 [pulsar]

lhotari opened a new pull request, #21397:
URL: https://github.com/apache/pulsar/pull/21397

   ### Motivation
   
   OWASP dependency check reports CVE-2023-44487 for Netty (and also Jetty).
   
   ### Modifications
   
   Upgrade Netty to 4.1.100.
   Release notes: https://netty.io/news/2023/10/10/4-1-100-Final.html
   
   ### Documentation
   
   <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
   
   - [ ] `doc` <!-- Your PR contains doc changes. -->
   - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later -->
   - [x] `doc-not-needed` <!-- Your PR changes do not impact docs -->
   - [ ] `doc-complete` <!-- Docs have been already added -->


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [PR] [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 [pulsar]

Posted by "lhotari (via GitHub)" <gi...@apache.org>.
lhotari commented on PR #21397:
URL: https://github.com/apache/pulsar/pull/21397#issuecomment-1781393773

   > Can this be marked/labeled cherry-picked/branch-3.1? This would go great with #21395.
   
   @compuguy cherry picked together with #21395 to [branch-3.1](https://github.com/apache/pulsar/commits/branch-3.1).




Re: [PR] [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 [pulsar]

Posted by "codecov-commenter (via GitHub)" <gi...@apache.org>.
codecov-commenter commented on PR #21397:
URL: https://github.com/apache/pulsar/pull/21397#issuecomment-1770402645

   ## [Codecov](https://app.codecov.io/gh/apache/pulsar/pull/21397?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) Report
   > Merging [#21397](https://app.codecov.io/gh/apache/pulsar/pull/21397?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (3c932df) into [master](https://app.codecov.io/gh/apache/pulsar/commit/b1bca5609d254734ccca63b616eba33ce3a8b70b?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (b1bca56) will **increase** coverage by `0.03%`.
   > Report is 5 commits behind head on master.
   > The diff coverage is `100.00%`.
   
   ```diff
   @@             Coverage Diff              @@
   ##             master   #21397      +/-   ##
   ============================================
   + Coverage     73.27%   73.30%   +0.03%     
   + Complexity    32581    32473     -108     
   ============================================
     Files          1888     1888              
     Lines        140282   140279       -3     
     Branches      15415    15416       +1     
   ============================================
   + Hits         102790   102834      +44     
   + Misses        29415    29350      -65     
   - Partials       8077     8095      +18     
   ```
   
   | [Flag](https://app.codecov.io/gh/apache/pulsar/pull/21397/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
   |---|---|---|
   | [inttests](https://app.codecov.io/gh/apache/pulsar/pull/21397/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `24.19% <50.00%> (+0.03%)` | :arrow_up: |
   | [systests](https://app.codecov.io/gh/apache/pulsar/pull/21397/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `24.74% <0.00%> (+0.03%)` | :arrow_up: |
   | [unittests](https://app.codecov.io/gh/apache/pulsar/pull/21397/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `72.58% <100.00%> (+<0.01%)` | :arrow_up: |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   | [Files](https://app.codecov.io/gh/apache/pulsar/pull/21397?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
   |---|---|---|
   | [...sar/broker/service/persistent/PersistentTopic.java](https://app.codecov.io/gh/apache/pulsar/pull/21397?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#diff-cHVsc2FyLWJyb2tlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvcHVsc2FyL2Jyb2tlci9zZXJ2aWNlL3BlcnNpc3RlbnQvUGVyc2lzdGVudFRvcGljLmphdmE=) | `79.44% <100.00%> (+0.15%)` | :arrow_up: |
   
   ... and [76 files with indirect coverage changes](https://app.codecov.io/gh/apache/pulsar/pull/21397/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
   




Re: [PR] [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 [pulsar]

Posted by "Technoboy- (via GitHub)" <gi...@apache.org>.
Technoboy- merged PR #21397:
URL: https://github.com/apache/pulsar/pull/21397




Re: [PR] [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 [pulsar]

Posted by "CTTY (via GitHub)" <gi...@apache.org>.
CTTY commented on PR #21397:
URL: https://github.com/apache/pulsar/pull/21397#issuecomment-1832891103

   Would this be backported to 2.x version of pulsar?




Re: [PR] [fix][sec] Upgrade Netty to 4.1.100 to address CVE-2023-44487 [pulsar]

Posted by "compuguy (via GitHub)" <gi...@apache.org>.
compuguy commented on PR #21397:
URL: https://github.com/apache/pulsar/pull/21397#issuecomment-1781347534

   Can this be marked/labeled cherry-picked/branch-3.1? This would go great with #21395.

