Skip to content

Fixing CVE 1767 #1768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
acarbonetto merged 1 commit into from
Jun 22, 2023
Merged

Fixing CVE 1767 #1768

acarbonetto merged 1 commit into from
Jun 22, 2023

Conversation

@forestmvey
Copy link
Collaborator

@forestmvey forestmvey commented Jun 22, 2023

Description

Update guava for CVE fix.

Issues Resolved

1767

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@forestmvey
Fixing CVE 1767
3916044 
Signed-off-by: forestmvey <[email protected]>
@codecov
Copy link

codecov bot commented Jun 22, 2023

Codecov Report

Merging #1768 (3916044) into main (f6e2a97) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #1768   +/-   ##
=========================================
  Coverage     97.29%   97.29%           
  Complexity     4408     4408           
=========================================
  Files           388      388           
  Lines         10944    10944           
  Branches        774      774           
=========================================
  Hits          10648    10648           
  Misses          289      289           
  Partials          7        7
Flag Coverage Δ
sql-engine 97.29% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@Yury-Fridlyand Yury-Fridlyand linked an issue Jun 22, 2023 that may be closed by this pull request
CVE-2023-2976 (Medium) detected in guava-31.1-jre.jar, guava-31.0.1-jre.jar #1767
Closed
@acarbonetto acarbonetto merged commit c7dfdb3 into opensearch-project:main Jun 22, 2023
@acarbonetto acarbonetto deleted the fix-cve-1767 branch June 22, 2023 19:35
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jun 22, 2023
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jun 22, 2023
@forestmvey @github-actions
Fixing CVE 1767 (#1768)
6439299 
Signed-off-by: forestmvey <[email protected]>
(cherry picked from commit c7dfdb3)
forestmvey added a commit that referenced this pull request Jun 22, 2023
@forestmvey
Fixing CVE 1767 (#1768)
047bec0 
Signed-off-by: forestmvey <[email protected]>
(cherry picked from commit c7dfdb3)
Signed-off-by: forestmvey <[email protected]>
acarbonetto pushed a commit to Bit-Quill/opensearch-project-sql that referenced this pull request Jun 22, 2023
@forestmvey @acarbonetto
Fixing CVE 1767 (opensearch-project#1768)
7fd2b36 
Signed-off-by: forestmvey <[email protected]>
Yury-Fridlyand pushed a commit that referenced this pull request Jun 22, 2023
@opensearch-trigger-bot @forestmvey
Fixing CVE 1767 (#1768) (#1769)
1583605 
(cherry picked from commit c7dfdb3)

Signed-off-by: forestmvey <[email protected]>
Co-authored-by: Forest Vey <[email protected]>
@acarbonetto acarbonetto added the v2.9.0 v2.9.0 label Jul 4, 2023
@jaguilar-atl jaguilar-atl mentioned this pull request Jul 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yury-Fridlyand Yury-Fridlyand Yury-Fridlyand approved these changes

@acarbonetto acarbonetto acarbonetto approved these changes

@pjfitzgibbons pjfitzgibbons Awaiting requested review from pjfitzgibbons

@ps48 ps48 Awaiting requested review from ps48 ps48 is a code owner

@kavithacm kavithacm Awaiting requested review from kavithacm kavithacm is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@dai-chen dai-chen Awaiting requested review from dai-chen dai-chen is a code owner

@YANG-DB YANG-DB Awaiting requested review from YANG-DB YANG-DB is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@vamsimanohar vamsimanohar Awaiting requested review from vamsimanohar vamsimanohar is a code owner

@Swiddis Swiddis Awaiting requested review from Swiddis Swiddis is a code owner

@penghuo penghuo Awaiting requested review from penghuo penghuo is a code owner

@seankao-az seankao-az Awaiting requested review from seankao-az seankao-az is a code owner

@MaxKsyunz MaxKsyunz Awaiting requested review from MaxKsyunz MaxKsyunz is a code owner

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

@GumpacG GumpacG Awaiting requested review from GumpacG GumpacG is a code owner

+1 more reviewer

@rupal-bq rupal-bq rupal-bq approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport 2.x v2.9.0 v2.9.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE-2023-2976 (Medium) detected in guava-31.1-jre.jar, guava-31.0.1-jre.jar

4 participants

@forestmvey @rupal-bq @Yury-Fridlyand @acarbonetto