You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jmeter.apache.org by GitBox <gi...@apache.org> on 2020/12/17 11:03:34 UTC

[GitHub] [jmeter] sseide opened a new pull request #639: update xstreams to 1.4.15 (from 1.4.14)

sseide opened a new pull request #639:
URL: https://github.com/apache/jmeter/pull/639


   ## Description
   within the current xstream version 1.4.14 two more vulnerabilities were found. These are fixed with the update to 1.4.15.
   * CVE-2020-26258 (Server-Side Forgery Request)
   * CVE-2020-26259 (arbitrary file deletion)
   
   ## Motivation and Context
   Fix potential security problems
   
   ## How Has This Been Tested?
   run `gradlew check`, first run failed with one library (xstream) having changed as expected, rerun with `-PupdateExpectedJars` switch.
   The following executions of `gradlew check` and `gradlew test` succeeded now.
   
   
   ## Screenshots (if appropriate):
   none
   
   ## Types of changes
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jmeter] codecov-io commented on pull request #639: update xstreams to 1.4.15 (from 1.4.14)

Posted by GitBox <gi...@apache.org>.

codecov-io commented on pull request #639:
URL: https://github.com/apache/jmeter/pull/639#issuecomment-747374745


   # [Codecov](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=h1) Report
   > Merging [#639](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=desc) (0e8c999) into [master](https://codecov.io/gh/apache/jmeter/commit/53c6db8676b868db10d668e7ede2ef36cf8241b9?el=desc) (53c6db8) will **decrease** coverage by `0.00%`.
   > The diff coverage is `n/a`.
   
   [![Impacted file tree graph](https://codecov.io/gh/apache/jmeter/pull/639/graphs/tree.svg?width=650&height=150&src=pr&token=6Q7CI1wFSh)](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=tree)
   
   ```diff
   @@             Coverage Diff              @@
   ##             master     #639      +/-   ##
   ============================================
   - Coverage     55.42%   55.42%   -0.01%     
   + Complexity    10132    10131       -1     
   ============================================
     Files          1041     1041              
     Lines         63951    63951              
     Branches       7226     7226              
   ============================================
   - Hits          35447    35446       -1     
     Misses        26009    26009              
   - Partials       2495     2496       +1     
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=tree) | Coverage Δ | Complexity Δ | |
   |---|---|---|---|
   | [...n/java/org/apache/jmeter/reporters/Summariser.java](https://codecov.io/gh/apache/jmeter/pull/639/diff?src=pr&el=tree#diff-c3JjL2NvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2ptZXRlci9yZXBvcnRlcnMvU3VtbWFyaXNlci5qYXZh) | `84.73% <0.00%> (-0.77%)` | `17.00% <0.00%> (-1.00%)` | |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=continue).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=footer). Last update [53c6db8...0e8c999](https://codecov.io/gh/apache/jmeter/pull/639?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jmeter] pmouawad merged pull request #639: update xstreams to 1.4.15 (from 1.4.14)

Posted by GitBox <gi...@apache.org>.

pmouawad merged pull request #639:
URL: https://github.com/apache/jmeter/pull/639


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org