
[Backport 2.x] Fix CVE 2023 39410 #12198

Merged
kotwanikunal merged 3 commits into opensearch-project:2.x from kotwanikunal:fix-CVE-2023-39410
Feb 6, 2024

@kotwanikunal
Member

Description

Related Issues

Resolves CVE-2023-39410

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@kotwanikunal
Member Author

@reta @mch2 - Please have a look.

mch2 added 3 commits February 6, 2024 13:16
…ch-project#11521)

* force version of logback-core and logback-classic to 1.2.13

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

* add changelog

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

---------

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
Signed-off-by: Kunal Kotwani <kkotwani@amazon.com>
…oject#11539)

* Bump jetty version in hdfs-fixture to 9.4.53.v20231009

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

* fix changelog

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

---------

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
Signed-off-by: Kunal Kotwani <kkotwani@amazon.com>
…rch-project#11564)

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
Signed-off-by: Kunal Kotwani <kkotwani@amazon.com>
@github-actions
Contributor

github-actions bot commented Feb 6, 2024

❌ Gradle check result for 32433c7: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions
Contributor

github-actions bot commented Feb 6, 2024

❌ Gradle check result for 6bcf02b:

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions
Contributor

github-actions bot commented Feb 6, 2024

Compatibility status:

Checks if related components are compatible with change 6bcf02b

Incompatible components

Incompatible components: [https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/performance-analyzer.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/sql.git]

@kotwanikunal
Member Author

Jenkins died :(

@github-actions
Contributor

github-actions bot commented Feb 6, 2024

❕ Gradle check result for 6bcf02b: UNSTABLE

  • TEST FAILURES:
      1 org.opensearch.remotestore.RemoteIndexPrimaryRelocationIT.testPrimaryRelocationWhileIndexing
      1 org.opensearch.index.shard.RemoteIndexShardTests.testNoFailuresOnFileReads
      1 org.opensearch.action.admin.indices.create.CreateIndexIT.testCreateAndDeleteIndexConcurrently
      1 org.opensearch.action.admin.indices.create.CreateIndexIT.classMethod

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

@kotwanikunal kotwanikunal merged commit bf83859 into opensearch-project:2.x Feb 6, 2024
@kotwanikunal kotwanikunal deleted the fix-CVE-2023-39410 branch April 9, 2024 23:08

Labels

v2.12.0 Issues and PRs related to version 2.12.0
