[close #567] upgrade jackson-databind to 2.13.2.2 to fix CVE-2020-36518 #584

Merged: 2 commits, Apr 7, 2022

iosmanthus
Member

Signed-off-by: iosmanthus [email protected]

What problem does this PR solve?

Issue Number: close #567

Problem Description:

upgrade jackson-databind to 2.13.2.2 to fix CVE-2020-36518

What is changed and how does it work?

Related changes

  • Need to cherry-pick the release branch
  • Need to update the documentation
  • Need to be included in the release note
  • NO related changes

Signed-off-by: iosmanthus <[email protected]>
Member

@zz-jason zz-jason left a comment

LGTM

@codecov

codecov bot commented Apr 7, 2022

Codecov Report

Merging #584 (2d8385c) into master (56d64ef) will decrease coverage by 0.21%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master     #584      +/-   ##
============================================
- Coverage     34.08%   33.87%   -0.22%     
+ Complexity     1360     1359       -1     
============================================
  Files           270      270              
  Lines         17131    17131              
  Branches       1950     1950              
============================================
- Hits           5839     5803      -36     
- Misses        10680    10716      +36     
  Partials        612      612              
| Impacted Files | Coverage Δ |
|---|---|
| ...rc/main/java/io/grpc/netty/NettyClientHandler.java | 57.54% <0.00%> (-5.82%) ⬇️ |
| src/main/java/io/grpc/stub/ClientCalls.java | 48.51% <0.00%> (-1.99%) ⬇️ |
| ...va/org/tikv/common/region/StoreHealthyChecker.java | 73.07% <0.00%> (-1.29%) ⬇️ |
| ...ty/handler/codec/http2/Http2ConnectionHandler.java | 51.58% <0.00%> (-0.49%) ⬇️ |
| src/main/java/org/tikv/common/PDClient.java | 59.47% <0.00%> (-0.48%) ⬇️ |
| src/main/java/org/tikv/common/TiSession.java | 70.95% <0.00%> (-0.48%) ⬇️ |
| src/main/java/io/grpc/netty/WriteQueue.java | 76.69% <0.00%> (+2.25%) ⬆️ |
| ...g/tikv/common/operation/iterator/ScanIterator.java | 76.31% <0.00%> (+2.63%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@zz-jason zz-jason enabled auto-merge (squash) April 7, 2022 09:00
Collaborator

@marsishandsome marsishandsome left a comment

LGTM

@zz-jason zz-jason merged commit 7fa24c3 into tikv:master Apr 7, 2022
ti-srebot pushed a commit to ti-srebot/client-java that referenced this pull request Apr 7, 2022
@ti-srebot
Collaborator

cherry pick to release-3.1 in PR #585

ti-srebot pushed a commit to ti-srebot/client-java that referenced this pull request Apr 7, 2022
@ti-srebot
Collaborator

cherry pick to release-3.2 in PR #586

zz-jason pushed a commit that referenced this pull request Apr 7, 2022
zz-jason pushed a commit that referenced this pull request Apr 8, 2022
iosmanthus added a commit that referenced this pull request Apr 8, 2022
iosmanthus added a commit to iosmanthus/client-java that referenced this pull request May 30, 2022
sunxiaoguang pushed a commit that referenced this pull request May 30, 2022
Successfully merging this pull request may close these issues.

update jackson-databind to fix CVE-2020-36518