Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2022/10/08 13:04:06 UTC

[GitHub] [dubbo] zhoumengyks opened a new pull request, #10708: fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69

zhoumengyks opened a new pull request, #10708:
URL: https://github.com/apache/dubbo/pull/10708

   ### What happened?
   There is 1 security vulnerability found in org.bouncycastle:bcprov-ext-jdk15on 1.68
   - [MPS-2022-54308](https://www.oscs1024.com/hd/MPS-2022-54308)
   
   
   ### What did I do?
   Upgrade org.bouncycastle:bcprov-ext-jdk15on from 1.68 to 1.69 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org


[GitHub] [dubbo] codecov-commenter commented on pull request #10708: fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69

Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #10708:
URL: https://github.com/apache/dubbo/pull/10708#issuecomment-1272330937

   # [Codecov](https://codecov.io/gh/apache/dubbo/pull/10708?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > Merging [#10708](https://codecov.io/gh/apache/dubbo/pull/10708?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (2116bdc) into [3.1](https://codecov.io/gh/apache/dubbo/commit/e893407dd8f76f56509262271816a04ccadb9f7b?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (e893407) will **decrease** coverage by `0.17%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@             Coverage Diff              @@
   ##                3.1   #10708      +/-   ##
   ============================================
   - Coverage     65.20%   65.02%   -0.18%     
     Complexity      493      493              
   ============================================
     Files          1336     1336              
     Lines         56932    56932              
     Branches       8438     8438              
   ============================================
   - Hits          37123    37022     -101     
   - Misses        15840    15939      +99     
   - Partials       3969     3971       +2     
   ```
   
   
   | [Impacted Files](https://codecov.io/gh/apache/dubbo/pull/10708?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
   |---|---|---|
   | [.../serialize/hessian2/Hessian2SerializerFactory.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yU2VyaWFsaXplckZhY3RvcnkuamF2YQ==) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
   | [...sian2/dubbo/DefaultHessian2FactoryInitializer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL2R1YmJvL0RlZmF1bHRIZXNzaWFuMkZhY3RvcnlJbml0aWFsaXplci5qYXZh) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
   | [...ize/hessian2/dubbo/Hessian2FactoryInitializer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL2R1YmJvL0hlc3NpYW4yRmFjdG9yeUluaXRpYWxpemVyLmphdmE=) | `0.00% <0.00%> (-60.00%)` | :arrow_down: |
   | [...common/serialize/hessian2/Hessian2ObjectInput.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yT2JqZWN0SW5wdXQuamF2YQ==) | `0.00% <0.00%> (-51.86%)` | :arrow_down: |
   | [...ian2/dubbo/AbstractHessian2FactoryInitializer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL2R1YmJvL0Fic3RyYWN0SGVzc2lhbjJGYWN0b3J5SW5pdGlhbGl6ZXIuamF2YQ==) | `0.00% <0.00%> (-50.00%)` | :arrow_down: |
   | [...ommon/serialize/hessian2/Hessian2ObjectOutput.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yT2JqZWN0T3V0cHV0LmphdmE=) | `0.00% <0.00%> (-43.75%)` | :arrow_down: |
   | [...mmon/serialize/hessian2/Hessian2Serialization.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yU2VyaWFsaXphdGlvbi5qYXZh) | `40.00% <0.00%> (-40.00%)` | :arrow_down: |
   | [...nt/metadata/ServiceInstanceHostPortCustomizer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tcmVnaXN0cnkvZHViYm8tcmVnaXN0cnktYXBpL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9yZWdpc3RyeS9jbGllbnQvbWV0YWRhdGEvU2VydmljZUluc3RhbmNlSG9zdFBvcnRDdXN0b21pemVyLmphdmE=) | `65.78% <0.00%> (-21.06%)` | :arrow_down: |
   | [...bbo/remoting/buffer/ChannelBufferOutputStream.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tcmVtb3RpbmcvZHViYm8tcmVtb3RpbmctYXBpL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9yZW1vdGluZy9idWZmZXIvQ2hhbm5lbEJ1ZmZlck91dHB1dFN0cmVhbS5qYXZh) | `68.75% <0.00%> (-18.75%)` | :arrow_down: |
   | [...common/serialize/DefaultMultipleSerialization.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWFwaS9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZHViYm8vY29tbW9uL3NlcmlhbGl6ZS9EZWZhdWx0TXVsdGlwbGVTZXJpYWxpemF0aW9uLmphdmE=) | `85.71% <0.00%> (-14.29%)` | :arrow_down: |
   | ... and [40 more](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
   
   




[GitHub] [dubbo] AlbumenJ merged pull request #10708: fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69

Posted by GitBox <gi...@apache.org>.
AlbumenJ merged PR #10708:
URL: https://github.com/apache/dubbo/pull/10708

