Posted to commits@cassandra.apache.org by br...@apache.org on 2022/09/21 10:57:04 UTC
[cassandra] 01/01: Merge branch 'cassandra-3.11' into cassandra-4.0
This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a commit to branch cassandra-4.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 756fb41512abc090fa22f73e70630b300458ebca
Merge: 22ec7eee7f 70b0673d85
Author: Brandon Williams <br...@apache.org>
AuthorDate: Wed Sep 21 05:48:48 2022 -0500
Merge branch 'cassandra-3.11' into cassandra-4.0
.build/dependency-check-suppressions.xml | 9 +++++++++
CHANGES.txt | 1 +
2 files changed, 10 insertions(+)
diff --cc .build/dependency-check-suppressions.xml
index 5ceca24397,28cbf593bd..9a84700c64
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@@ -21,26 -21,23 +21,35 @@@
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
- <!-- https://issues.apache.org/jira/browse/CASSANDRA-16150 -->
+ <!-- not applicable since 4.0 -->
+ <packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl>
+ <cve>CVE-2018-8016</cve>
+ <cve>CVE-2020-13946</cve>
+ <cve>CVE-2020-17516</cve>
+ <cve>CVE-2021-44521</cve>
+ </suppress>
++ <suppress>
++ <!-- https://issues.apache.org/jira/browse/CASSANDRA-17907 -->
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
- <cve>CVE-2017-18640</cve>
+ <cve>CVE-2022-25857</cve>
+ <cve>CVE-2022-38749</cve>
+ <cve>CVE-2022-38750</cve>
+ <cve>CVE-2022-38751</cve>
+ <cve>CVE-2022-38752</cve>
+ </suppress>
-
- <!-- https://issues.apache.org/jira/browse/CASSANDRA-15417 -->
+ <suppress>
+ <!-- dependency checker identified this as a completely different package (wire) -->
+ <packageUrl regex="true">^pkg:maven/net\.openhft/chronicle\-wire@.*$</packageUrl>
+ <cpe>cpe:/a:wire:wire</cpe>
+ </suppress>
+ <suppress>
+ <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->
+ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2020-8908</cve>
+ </suppress>
+ <!-- netty's http stuff is not applicable here -->
<suppress>
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl>
- <cve>CVE-2019-16869</cve>
- <cve>CVE-2019-20444</cve>
- <cve>CVE-2019-20445</cve>
- <cve>CVE-2020-7238</cve>
<cve>CVE-2021-21290</cve>
<cve>CVE-2021-21295</cve>
<cve>CVE-2021-21409</cve>
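Review bot: The new snakeyaml `<suppress>` block documents itself only with the CASSANDRA-17907 link, and its pattern `^pkg:maven/org\.yaml/snakeyaml@.*$` matches every version, so CVE-2022-25857 and CVE-2022-38749 through CVE-2022-38752 stay hidden from the scan even after the library is upgraded. Please state in the comment why these are not applicable, as the netty and chronicle-wire entries in this file do, and consider bounding the suppression with a version-specific pattern or Dependency-Check's `until` attribute so it gets re-evaluated instead of being carried forward indefinitely.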
diff --cc CHANGES.txt
index 664791f43a,d3031cd294..76c64f2dc9
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,46 -1,15 +1,47 @@@
-3.11.14
+4.0.7
+ * Mitigate direct buffer memory OOM on replacements (CASSANDRA-17895)
+ * Fix repair failure on assertion if two peers have overlapping mismatching ranges (CASSANDRA-17900)
+ * Better handle null state in Gossip schema migration to avoid NPE (CASSANDRA-17864)
+ * HintedHandoffAddRemoveNodesTest now accounts for the fact that StorageMetrics.totalHints is not updated synchronously w/ writes (CASSANDRA-16679)
+ * Avoid getting hanging repairs due to repair message timeouts (CASSANDRA-17613)
+ * Prevent infinite loop in repair coordinator on FailSession (CASSANDRA-17834)
+Merged from 3.11:
+ * Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)
* Fix potential IndexOutOfBoundsException in PagingState in mixed mode clusters (CASSANDRA-17840)
- * Document usage of closed token intervals in manual compaction (CASSANDRA-17575)
- * Creating of a keyspace on insufficient number of replicas should filter out gosspping-only members (CASSANDRA-17759)
- * Only use statically defined subcolumns when determining column definition for supercolumn cell (CASSANDRA-14113)
Merged from 3.0:
* Fix scrubber falling into infinite loop when the last partition is broken (CASSANDRA-17862)
+ * Fix resetting schema (CASSANDRA-17819)
+
+4.0.6
+ * Fix race condition on updating cdc size and advancing to next segment (CASSANDRA-17792)
+ * Add 'noboolean' rpm build for older distros like CentOS7 (CASSANDRA-17765)
+ * Fix default value for compaction_throughput_mb_per_sec in Config class to match the one in cassandra.yaml (CASSANDRA-17790)
+ * Fix Setting Virtual Table - update after startup config properties gc_log_threshold_in_ms, gc_warn_threshold_in_ms,
+ conf.index_summary_capacity_in_mb, prepared_statements_cache_size_mb, key_cache_size_in_mb, counter_cache_size_in_mb
+ (CASSANDRA-17737)
+ * Fix Settings Virtual Table - index_summary_resize_interval and index_summary_capacity were not updated after startup (CASSANDRA-17735)
+ * Clean up ScheduledExecutors, CommitLog, and MessagingService shutdown for in-JVM dtests (CASSANDRA-17731)
+ * Remove extra write to system table for prepared statements (CASSANDRA-17764)
+Merged from 3.11:
+ * Document usage of closed token intervals in manual compaction (CASSANDRA-17575)
+Merged from 3.0:
* Improve libjemalloc resolution in bin/cassandra (CASSANDRA-15767)
* Fix restarting of services on gossipping-only member (CASSANDRA-17752)
+
+4.0.5
+ * Utilise BTree improvements to reduce garbage and improve throughput (CASSANDRA-15511)
+ * Make sure existing delayed tasks in StreamTransferTask cannot prevent clean shutdown (CASSANDRA-17706)
+ * SSL storage port in sstableloader is deprecated (CASSANDRA-17602)
+ * Fix counter write timeouts at ONE (CASSANDRA-17411)
+ * Fix NPE in getLocalPrimaryRangeForEndpoint (CASSANDRA-17680)
+ * Remove SSL storage port from sstableloader (CASSANDRA-17602)
+ * Allow Java 11 to satisfy RPM/Debian packaging (CASSANDRA-17669)
+ * Ensure FileStreamTask cannot compromise shared channel proxy for system table when interrupted (CASSANDRA-17663)
+ * silence benign SslClosedEngineException (CASSANDRA-17565)
+Merged from 3.11:
+ * Creating of a keyspace on insufficient number of replicas should filter out gosspping-only members (CASSANDRA-17759)
+Merged from 3.0:
* Fix writetime and ttl functions forbidden for collections instead of multicell columns (CASSANDRA-17628)
- * Supress CVE-2020-7238 (CASSANDRA-17697)
* Fix issue where frozen maps may not be serialized in the correct order (CASSANDRA-17623)
* Suppress CVE-2022-24823 (CASSANDRA-17633)
* fsync TOC and digest files (CASSANDRA-10709)
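Review bot: In the 4.0.7 "Merged from 3.11" block, the entry "Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)" does not tell a reader of the release notes which CVEs the scanner now ignores, and it can be misread as a fix when the change in this commit is a dependency-check suppression only. Suggest naming all five identifiers from the suppression file (CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752), the way the existing "Suppress CVE-2022-24823 (CASSANDRA-17633)" entry names its CVE.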