Upgrade linux dependencies #4875

Merged
merged 3 commits into from
Oct 31, 2024

emasab
Contributor

@emasab emasab commented Oct 15, 2024

Security upgrade for OpenSSL and Curl, CVEs fixed:

OpenSSL

CURL

Closes #4853

@emasab emasab requested a review from a team as a code owner October 15, 2024 15:42
@confluent-cla-assistant

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_upgrade_linux_dependencies branch from 0205f53 to cad2a13 Compare October 15, 2024 15:43
@emasab emasab marked this pull request as draft October 16, 2024 07:06
@emasab emasab marked this pull request as ready for review October 29, 2024 15:36
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_upgrade_linux_dependencies branch from bed39db to 1e6a41a Compare October 29, 2024 15:37
Member

@pranavrth pranavrth left a comment

LGTM!.

@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_upgrade_linux_dependencies branch from 1e6a41a to b35460d Compare October 30, 2024 13:11
Member

@pranavrth pranavrth left a comment

LGTM!.

@emasab emasab merged commit 443618d into master Oct 31, 2024
2 checks passed
@emasab emasab deleted the dev_upgrade_linux_dependencies branch October 31, 2024 10:57
airlock-confluentinc bot pushed a commit that referenced this pull request Nov 29, 2024
* Security upgrade for OpenSSL and Curl, CVEs fixed:

OpenSSL
- CVE-2024-2511
- CVE-2024-4603
- CVE-2024-4741
- CVE-2024-5535
- CVE-2024-6119

CURL
- CVE-2024-8096
- CVE-2024-7264
- CVE-2024-6874
- CVE-2024-6197

* Fix for curl configure failure caused by
curl/curl#14373
@anchitj anchitj mentioned this pull request Dec 15, 2024
airlock-confluentinc bot pushed a commit that referenced this pull request Dec 15, 2024
* Security upgrade for OpenSSL and Curl, CVEs fixed:

OpenSSL
- CVE-2024-2511
- CVE-2024-4603
- CVE-2024-4741
- CVE-2024-5535
- CVE-2024-6119

CURL
- CVE-2024-8096
- CVE-2024-7264
- CVE-2024-6874
- CVE-2024-6197

* Fix for curl configure failure caused by
curl/curl#14373
anchitj added a commit that referenced this pull request Dec 15, 2024
* Fix for idempotent producer fatal errors, triggered after a possibly persisted message state (#4438)

* Remove CentOS 6 and CentOS 7 binaries (#4775)

* Remove CentOS 6 and 7 support as discontinued, keeps
  using manylinux_2_28 based on AlmaLinux 8 (CentOS 8)
* Remove fix for CentOS 6
* Add CHANGELOG entry
* Upgrade test and verify package creation or installation
   using clients repository

* Upgrade msvcr140 and vcpkg dependencies (#4872)

* Add forward declaration to fix compilation without ssl (#4794)

and add build checks with different configurations

* PR comments

* Add files for lz4 1.9.4 (#4726)

* Add files for lz4 1.9.4

* Update changelog.md

* rdxxhash should not be in clang-format list

* Add instructions and update memory alloc/free

* Update instructions for lz4

* NONJAVACLI-3460: update dependencies (#4706)

* update third party dependencies
* update lz4 version in the header file
* update libraries for the windows build
* reverting the version bump in the headers
* use the latest version of curl
* Update OpenSSL and add CHANGELOG.md
* downgrade curl version to one available via vcpkg
* downgrade zlib to last available version in vcpkg
* downgrade zstd to the latest available
* Include CPPFLAGS within make for libcurl
* Update mklove/modules/configure.libcurl
* Update CHANGELOG.md

---------

Co-authored-by: Milind L <[email protected]>
Co-authored-by: Emanuele Sabellico <[email protected]>

* Upgrade linux dependencies (#4875)

* Security upgrade for OpenSSL and Curl, CVEs fixed:

OpenSSL
- CVE-2024-2511
- CVE-2024-4603
- CVE-2024-4741
- CVE-2024-5535
- CVE-2024-6119

CURL
- CVE-2024-8096
- CVE-2024-7264
- CVE-2024-6874
- CVE-2024-6197

* Fix for curl configure failure caused by
curl/curl#14373

* Include NOTE in CHANGELOG

* Update RD_KAFKA_VERSION in rdkafkacpp.h

---------

Co-authored-by: Emanuele Sabellico <[email protected]>
Co-authored-by: Milind L <[email protected]>
Co-authored-by: Jan Werner <[email protected]>
Co-authored-by: Milind L <[email protected]>
Successfully merging this pull request may close these issues.

Libcurl and OpenSSL Vulnerabilities in librdkafka