Fix CVE-2023-39410 #3450

Merged 1 commit on Oct 6, 2023

@asifsmohammed (Collaborator) commented Oct 6, 2023

Description

Resolved CVE related to Avro

Issues Resolved

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>

@dlvenable (Member) left a comment

Thanks for consolidating these dependencies!

@asifsmohammed asifsmohammed merged commit 74409e2 into opensearch-project:main Oct 6, 2023
48 of 49 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 6, 2023
Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
(cherry picked from commit 74409e2)
asifsmohammed added a commit that referenced this pull request Oct 6, 2023
Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
(cherry picked from commit 74409e2)

Co-authored-by: Asif Sohail Mohammed <nsifmoh@amazon.com>

@anand3493

@asifsmohammed @dlvenable Can you please let us know the release date for version 2.5.0?

@dlvenable (Member)

@anand3493, we are planning to release 2.5.0 this week.

@anand3493

@dlvenable Thanks for the update.

@anand3493 commented Oct 12, 2023

@dlvenable Earlier today I sent you an email regarding the vulnerabilities associated with the 2.5.0 release.
Because of the Ubuntu-based release of 2.5.0, Data Prepper now has so many OS-related vulnerabilities.

Meanwhile, 2.4.1, which was based on Alpine, had far fewer vulnerabilities.

If 2.5.0 were based on Alpine, it would have only 2 Medium and 2 High, but now it has 2 Low, 2 Medium, and 7 High.
Can you please help me out here with a Data Prepper image with reduced vulnerabilities?
