Fix: CVE-2020-36518, CVE-2022-24823

[asifsmohammed]

Signed-off-by: Asif Sohail Mohammed nsifmoh@amazon.com

Description

CVE-2020-36518: jackson-databind-2.13.1 from gatling-charts-highcharts-3.7.4
CVE-2022-24823: netty-common-4.1.74.Final from bom-2.17.209

Issues Resolved

Check List

• New functionality includes testing.
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[dlvenable]

Let's just be sure the tests all pass on these changes.

[codecov-commenter]

Codecov Report

Merging #1704 (3ae0958) into main (81d9760) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #1704   +/-   ##
=========================================
  Coverage     93.32%   93.32%           
  Complexity     1351     1351           
=========================================
  Files           178      178           
  Lines          3969     3969           
  Branches        317      317           
=========================================
  Hits           3704     3704           
  Misses          189      189           
  Partials         76       76           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-1704-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 23911dd95707750a8cf51888daf5b56685e4d2f4
# Push it to GitHub
git push --set-upstream origin backport/backport-1704-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-1704-to-1.x.

[opensearch-trigger-bot]

The backport to 1.5 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.5 1.5
# Navigate to the new working tree
cd .worktrees/backport-1.5
# Create a new branch
git switch --create backport/backport-1704-to-1.5
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 23911dd95707750a8cf51888daf5b56685e4d2f4
# Push it to GitHub
git push --set-upstream origin backport/backport-1704-to-1.5
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.5

Then, create a pull request where the base branch is 1.5 and the compare/head branch is backport/backport-1704-to-1.5.

[dlvenable]

The backport has merge conflicts with 1.5 and 1.x.