Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE fixes #3385

Merged
merged 2 commits into from
Sep 26, 2023
Merged

CVE fixes #3385

merged 2 commits into from
Sep 26, 2023

Conversation

asifsmohammed
Copy link
Collaborator

@asifsmohammed asifsmohammed commented Sep 26, 2023
edited
Loading

Description

Fixes CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167, WS-2023-0236

Issues Resolved

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@asifsmohammed
CVE fixes
e40fbb1 
CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167

Signed-off-by: Asif Sohail Mohammed <[email protected]>
Signed-off-by: Asif Sohail Mohammed <[email protected]>
oeyh
oeyh previously approved these changes Sep 26, 2023
View reviewed changes
@asifsmohammed
Fix WS-2023-0236
72d89de 
Signed-off-by: Asif Sohail Mohammed <[email protected]>
Signed-off-by: Asif Sohail Mohammed <[email protected]>
@asifsmohammed asifsmohammed merged commit 5fdf95f into opensearch-project:main Sep 26, 2023
48 of 49 checks passed
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.4 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.4 2.4
# Navigate to the new working tree
cd .worktrees/backport-2.4
# Create a new branch
git switch --create backport/backport-3385-to-2.4
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 5fdf95fa368cbf6a51aef44135e8e909d9fc58f9
# Push it to GitHub
git push --set-upstream origin backport/backport-3385-to-2.4
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.4

Then, create a pull request where the base branch is 2.4 and the compare/head branch is backport/backport-3385-to-2.4.

asifsmohammed added a commit to asifsmohammed/data-prepper that referenced this pull request Sep 27, 2023
@asifsmohammed
CVE fixes (opensearch-project#3385)
e8e1817 
* CVE fixes
CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167

Signed-off-by: Asif Sohail Mohammed <[email protected]>

* Fix WS-2023-0236

Signed-off-by: Asif Sohail Mohammed <[email protected]>

---------

Signed-off-by: Asif Sohail Mohammed <[email protected]>
(cherry picked from commit 5fdf95f)
asifsmohammed added a commit to asifsmohammed/data-prepper that referenced this pull request Sep 27, 2023
@asifsmohammed
CVE fixes (opensearch-project#3385)
1559fd6 
* CVE fixes
CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167

Signed-off-by: Asif Sohail Mohammed <[email protected]>

* Fix WS-2023-0236

Signed-off-by: Asif Sohail Mohammed <[email protected]>

---------

Signed-off-by: Asif Sohail Mohammed <[email protected]>
(cherry picked from commit 5fdf95f)
asifsmohammed added a commit that referenced this pull request Sep 27, 2023
@asifsmohammed
CVE fixes (#3385) (#3392)
5ef5141 
* CVE fixes
CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167

Signed-off-by: Asif Sohail Mohammed <[email protected]>

* Fix WS-2023-0236

Signed-off-by: Asif Sohail Mohammed <[email protected]>

---------

Signed-off-by: Asif Sohail Mohammed <[email protected]>
(cherry picked from commit 5fdf95f)
asifsmohammed added a commit to asifsmohammed/data-prepper that referenced this pull request Sep 27, 2023
@asifsmohammed
CVE fixes (opensearch-project#3385)
365f4df 
* CVE fixes
CVE-2022-36944, WS-2023-0116, CVE-2021-39194, CVE-2023-3635, CVE-2023-36479, CVE-2023-40167

Signed-off-by: Asif Sohail Mohammed <[email protected]>

* Fix WS-2023-0236

Signed-off-by: Asif Sohail Mohammed <[email protected]>

---------

Signed-off-by: Asif Sohail Mohammed <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oeyh oeyh oeyh approved these changes

@kkondaka kkondaka kkondaka approved these changes

@chenqi0805 chenqi0805 Awaiting requested review from chenqi0805 chenqi0805 is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@dinujoh dinujoh Awaiting requested review from dinujoh dinujoh is a code owner

@dlvenable dlvenable Awaiting requested review from dlvenable dlvenable is a code owner

Assignees
No one assigned
Labels
backport 2.4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@asifsmohammed @oeyh @kkondaka