Upgrade simplekdc to 2.0.3 #2179

Closed

yasiribmcon
Contributor

Upgrading simplekdc version to "2.0.3", which supports a change that can correctly use security classes based on what version of IBM Semeru JDK (if applicable) is being used.

There is no regression observed using Semeru, OpenJDK and Temurin JDKs.

This PR resolves #2178.

@mhratson mhratson closed this Aug 19, 2024
@mhratson
Contributor

Looks like one of the deps is flagged for vulnerabilities, so we can't accept this version bump. Maybe a newer version can succeed…

org.jboss.xnio:xnio-api:3.8.8.Final
Notes: Vulnerability found and is blocked by oss-canary: vulnerability: A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). Version 3.8.14.Final is expected to contain a fix. remediation: Upgrade org.jboss.xnio:xnio-api from 3.8.8.Final to 3.8.14

mhratson pushed a commit that referenced this pull request Aug 26, 2024
This PR resolves #2178

Upgrading simplekdc version to "2.1.0", which supports a change that can correctly use security classes based on what version of IBM Semeru JDK (if applicable) is being used.

There is no regression observed using Semeru, OpenJDK and Temurin JDKs.

This newer version (released on 14 August 2024) also caters for the vulnerability in deps mentioned in #2179, as **org.jboss.xnio:xnio-api** is updated to **3.8.16**[^1]

[^1]: https://github.com/apache/directory-kerby/releases/tag/kerby-all-2.1.0#:~:text=Bump%20org.jboss.xnio%3Axnio%2Dapi%20from%203.8.15.Final%20to%203.8.16.Final).

Successfully merging this pull request may close these issues.

Testcases failing for Semeru JDK