Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Update fastjson version to 1.2.83 #16148

Merged
merged 1 commit into from
Jun 21, 2022
Merged

[security] Update fastjson version to 1.2.83 #16148

merged 1 commit into from
Jun 21, 2022

Conversation

tisonkun
Copy link
Member

This PR is related to #16110.

Motivation

Fixes CVE-2022-25845.

Modifications

Update fastjson version to 1.2.83

Verifying this change

  • Make sure that the change passes the CI checks.

Does this pull request potentially affect one of the following parts:

If yes was chosen, please highlight the changes

  • Dependencies (does it add or upgrade a dependency): (yes)

To fix CVE-2022-25845. It's a patch version bump, which should be safe to apply.

  • The public API: (yes / no)
  • The schema: (yes / no / don't know)
  • The default values of configurations: (yes / no)
  • The wire protocol: (yes / no)
  • The rest endpoints: (yes / no)
  • The admin cli options: (yes / no)
  • Anything that affects deployment: (yes / no / don't know)

Documentation

Check the box below or label this PR directly.

Need to update docs?

  • doc-required
    (Your PR needs to update docs and you will update later)

  • doc-not-needed
    (Please explain why)

  • doc
    (Your PR contains doc changes)

  • doc-complete
    (Docs have been already added)

@tisonkun
Copy link
Member Author

cc @lhotari @nicoloboschi

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jun 20, 2022
@codelipenghui codelipenghui added this to the 2.11.0 milestone Jun 21, 2022
@tisonkun
Copy link
Member Author

@nicoloboschi @codelipenghui could you merge this PR or #16110 first? They're logically as a whole and block my initial PR #16109. IIUC we should merge this PR and #16110 first and review #16109, decide whether to accept #16109.

@nicoloboschi nicoloboschi merged commit 31cd857 into apache:master Jun 21, 2022
@tisonkun tisonkun deleted the security-fastjson branch June 21, 2022 06:02
@tisonkun
Copy link
Member Author

Thanks for your review!

@tisonkun tisonkun mentioned this pull request Jun 21, 2022
Merged
5 tasks
@mattisonchao mattisonchao mentioned this pull request Jun 28, 2022
Merged
5 tasks
mattisonchao added a commit that referenced this pull request Jul 15, 2022
@mattisonchao
[Branch 2.10] Fix some OWASP dependency problems. (#16260)
880bb53 
- #16148 
- #15829
- #15864
- #14910
nicoloboschi pushed a commit to datastax/pulsar that referenced this pull request Jul 19, 2022
@mattisonchao @nicoloboschi
[Branch 2.10] Fix some OWASP dependency problems. (apache#16260)
650ce37 
- apache#16148
- apache#15829
- apache#15864
- apache#14910

(cherry picked from commit 880bb53)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codelipenghui codelipenghui codelipenghui approved these changes

@nicoloboschi nicoloboschi nicoloboschi approved these changes

Assignees

@tisonkun tisonkun

Labels
area/security doc-not-needed Your PR changes do not impact docs
Projects
None yet
Milestone
2.11.0
Development

Successfully merging this pull request may close these issues.
3 participants
@tisonkun @codelipenghui @nicoloboschi